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Juniper  in  a  race  to 
‘out-virtualize’  its  foes 

BY  JIM  DUFFY 

JUNIPER  NETWORKS’  announcement  last  week  of  switches  and  routers 
designed  to  flatten  and  simplify  legacy  networks  is  the  latest  sign  that  this 
company  has  no  intention  of  backing  off  in  the  face  of  ever  stiffer  data  center 
competition  from  Cisco,  HP  and  others. 

Juniper’s  rollout  takes  aim  at  Cisco’s  Nexus  switches  and  other  data  center 
network  wares,  while  setting  the  stage  for  Juniper’s  Project  Stratus,  a  converged 
data  center  fabric  that  is  still  another  eight  to  12  months  away  from  delivery. 

Juniper  is  trying  to  guarantee  itself  a  seat  at  the  table  by  optimizing  its  prod¬ 
uct  line  around  increasing  use  of  virtualization  technologies  within  the  most 
compute-  and  networking-intensive  sites. 

“The  vendor  that  solves  that  problem  first  has  a  huge  upside,”  says  Zeus  Ker- 
ravala,  a  Yankee  Group  analyst. 

The  challenge  for  Juniper  is  that  Cisco’s  been  targeting  virtualization  from 
the  networking  side  for  several  years,  while  server  titans  such  as  HP  and  IBM 
—  a  Juniper  partner  in  Stratus  —  have  been  tackling  it  from  the  compute  side 
even  longer.  Meanwhile,  Brocade  points  out  that  it  has  been  building  data  center 
fabrics  with  partners  for  years  and  that  Juniper  remains  vague  about  how  it  will 
support  legacy  storage  networks. 

“The  legacy  approach  can  no  longer  scale  to  support  virtualization,”  Juniper 
CEO  Kevin  Johnson  said.  “Fifty  percent  of  the  ports  are  talking  to  other  network 

►  See  Juniper, page  22 


NAC:  What  went  wrong? 

After  five  years,  still  no  easy 
way  for  IT  managers  to  achieve 
network  access  control .  Page  24  • 
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MORE  SIGHTS  TO  SEE! 
40  days  of  summer  gadgets  and  apps. 

tinyurl.com/243qhlv 


Rev  up  your  summer 
computing  by  driving  the 
MotorMouse. 
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Mixed  reviews 

Symantec's  $1.2  bil¬ 
lion  VeriSign  gambit 
gets  mixed  reactions 
from  security  com¬ 
munity.  Page  12  ► 


Wi-Fi  recharge 

New  standards, 
frequencies  will 
make  Wi-Fi  networks 
ever-more  perva¬ 
sive.  Page  14  ► 
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The  application  architecture.  The  servers.  Even  the  storage.  Just  about 
everything  in  the  network  has  evolved.  Except  unfortunately,  the  network 
itself.  Frustratingly  slow.  Unable  to  scale.  Costly  to  manage  and  too 
complicated  to  overhaul.  The  network  architecture  is  crying  out  for  innovation 
and  desperate  for  a  new  approach. 


it’s  time  to  think  about  the  network.  Where  do  you  start? 
With  the  one  company  who  thinks  about  nothing  else. 

Solving  the  problems  of  the  modern  network  isn't  just  a  big  thing.  At  Juniper, 
it’s  the  only  thing.  This  singular  focus  has  led  to  phenomenal  innovation 
and  achievements  that  solve  the  unprecedented  demands  on  data  center 
capability  and  economic  efficiency. 


In  fact,  we  are  leading  the  architectural  innovations  of  the  networking  industry. 
The  Juniper  3-2-1  architectural  approach  to  data  center  radically  simplifies  the 
complexity  of  the  network  by  eliminating  the  number  of  switching  layers  from 
3  to  2  to  1  —the  ultimate  vision  of  a  unified,  simplified  network  fabric. 

The  result  is  the  new  network  data  center.  Built  for  the  cloud.  Ready  for  the 
next  decade.  It’s  a  revolutionary  combination  of  simplification,  automation 
and  security  that  delivers  up  to  eight-fold  improvements  in  network 
performance  and  up  to  35%  reduction  of  data  center  networking  cost. 
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BlackBerry 


Introducing  BlackBerr y  ®  Enterprise  Server  Express 

The  power  behind  the  world-class  BlackBerry  experience  is  now  free.  That  means 
you  no  longer  have  to  sacrifice  security  and  manageability  when  providing  mobile 
solutions  across  the  organization.  So  go  ahead,  implement  away!  Because  now 
you  can  give  proven  and  secure  tools  —  like  full  email  and  calendar  sync,  and  core 
business  apps  —  to  more  employees  without  additional  software  and  licensing  costs. 

•  Give  your  people  on-the-go  access  to  their  most  critical  files 
‘  Even  connect  employee-owned  devices 
•  All  with  industry-leading  security  and  manageability 


Download  now  or  find  out  more  at 

www .  b  l  a  c  k  p  e  rry.com/GoExpress 
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©  2010  Research  In  Motion  Limited.  All  rights  reserved.  BlackBerry®,  RIM®,  Research  In  Motion®,  SureType®,  Sure  Press™  and  related  trademarks,  names,  and  logos  are  the  property  of  Research  In  Motion  Limited  and 
are  registered  and/or  used  in  the  U.S.  and  countries  around  the  world.  All  other  trademarks  are  the  property  of  their  respective  owners.  Screen  image  simulated.  BlackBerry  smartphone  and  network  services  not  included 
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FROM  THE  EDITOR  JOHN  DIX 


Do  netbooks  make 
good  PC  companions? 

hile  the  Apple  iPad  and  other  emerg¬ 
ing  tablets  may  ultimately  shift  the  playing 
field,  netbooks  from  the  big  corporate  sup¬ 
pliers  offer  an  interest¬ 
ing  mobile  alternative 
to  big,  bulky  laptops. 

Don’t  confuse  these 

solidly  built  machines  loaded  with  helpful  tools  for  the 
mobile  professional  with  the  cheap,  plastic  consumer 
netbooks  you  find  at  Best  Buy  and  other  outlets. 

The  recently  announced  10-  by  7-  by  1-inch  HP  Mini 
5102,  for  example,  has  an  all-metal  case,  a  10-inch  screen, 
a  great  95%-full  keyboard  and  feels  quite  substantial,  yet 
weighs  in  at  only  2.64  pounds.  I  borrowed  one  from  HP  for  a  month  to  see  what  it 
was  like  to  live  with  what  HP  calls  a  “companion  PC.” 

In  a  word:  great.  These  aren’t  toys  (this  one  is  powered  by  an  Intel  Atom  N450 
1.66GHz  processor  with  1GB  of  RAM  and  a  160GB  drive).  While  they  don’t  boast 
the  horsepower  of  a  full-sized  laptop,  they  are  more  than  adequate  for  your  aver¬ 
age  knowledge  worker  pounding  on  documents  and  spreadsheets  and  accessing 
e-mail  and  the  Web  (for  a  full  review  of  the  machine  see  tinyurl.com/26m2n98). 

But  if  you’re  going  to  go  this  route  look  for  machines  with  added  value.  The  5120, 
for  example,  comes  with  HP  QuickSync,  which  synchronizes  the  contents  on  your 
netbook  with  your  desktop  over  a  wired  or  wireless  link.  To  sync  you  start  the 
password-protected  programs  on  both  machines  and  let  them  figure  out  what  has 
been  updated.  This  is  a  huge  advantage  if  you  are  going  to  live  with  two  devices. 

Two  other  interesting  tools  on  the  the  Mini  5102  are  accessible  from  dedicated 
buttons  above  the  keyboard.  Quick  Web  launches  an  HP  browser  without  start¬ 
ing  up  the  operating  system.  I  was  surfing  in  16  seconds,  compared  to  about  40 
seconds  for  a  full  Windows  7  boot.  Similarly,  QuickLook  lets  you  access  Outlook 
calendar  items,  contact  info  and  stored  e-mail  (up  to  1,000  cached  messages)  with¬ 
out  booting  the  computer  —  great  if  you’re  on  the  run. 

While  the  price  seems  right  at  $399  and  road  warriors  will  welcome  the  light 
weight  and  small  form  factor  (you  can  actually  use  one  of  these  things  on  an  air¬ 
plane  tray  table),  what  it  comes  down  to  is  this:  can  you  really  afford  to  add  another 
layer  of  hardware/OS/apps  for  mobile  workers? 

That’s  a  heavy  price  to  pay.  The  same  is  true,  of  course,  for  the  new  tablets.  If  it 
isn’t  a  one-for-one  swap,  you’re  just  adding  to  device  count  and  complexity,  which 
aren’t  our  friends.  That  said,  if  employees  are  going  to  start  buying  these  things 
on  their  own  anyway,  at  least  you  can  point  them  in  a  direction  that  makes  sense. 
Machines  like  the  Mini  5102  make  welcome  travel  companions. 
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Internet  privacy  laws 
lacking  in  the  U.S. 

©  ONE  ISSUE  I  have  with  all  this  is  I 
constantly  see  articles  coming  up  about 
browsers  tracking  us.  That  has  been 
going  on  for  long  time  and  it’s  no  surprise 
the  data  that  they  collect  can  be  very  valu¬ 
able  and  useful  for  spamming,  etc.  (Re:  8 
in  10  browsers  leave  identifiable  ‘finger¬ 
prints,’  EFF  warns;  tinyurl.com/3ak9t2v) 

The  biggest  problem  with  the  Internet 
in  the  U.S.  and  Canada  is  that  the  privacy 
laws  in  the  U.S.  especially  allow  compa¬ 
nies  to  get  data  from  third  parties  and  sell 
the  data  with  no  rules  to  go  by.  I  think  in 
order  to  put  a  stop  to  this  the  privacy  laws 
need  to  be  overhauled  in  both  Canada  and 
U.S.  as  it  is  obvious  that  they  do  not  apply 
to  the  Internet. 

All  in  all  as  a  computer  forensic  profes¬ 
sional  I  am  seeing  less  information  being 
kept  on  machines  in  regards  to  chat  logs 
and  Web  browser  history  so  that’s  a  good 
sign.  On  the  other  hand  once  we  are  out 
on  the  Internet  there  is  no  way  to  ensure 
your  privacy  especially  when  the  servers 
are  outside  of  North  American  borders. 

If  you  take  Google  as  an  example  —  it 
has  so  many  server  scripts  that  can  track 
a  lot  of  things  about  a  user  using  the 
search  engine. 

If  people  want  to 
be  anonymous  on  the 
Web  they  need  to  use 
tools  such  as  tor  and 
JanusVM  or  just  use 
a  Linux  live  CD  with 
no  hard  drive  in  the 
system  then  it  doesn’t 
matter  if  they  track 
your  habits  because 
they  have  nothing  on 
you  as  it  is  very  easy 
to  discard  or  shred  a 
Linux  live  CD  leaving 
no  evidence  behind 
to  be  traced  back  especially  if  the  IP 
address  is  anonymous. 

Computer  Forensics  Professional 

Femtocells:  Let  carriers 
foot  the  bill 

©  FEMTOCELLS  SAVE  THE  wireless 
carriers  a  lot  of  money,  as  the  traffic  is  . 
offloaded  from  their  networks  onto  their 
customers’  Internet  connections.  (Re: 

Will  femtocells  ever  get  their  moment?; 
tinyurl.com/3iwccsh)  Users  shouldn’t  be 


paying  for  this;  if  anything  the  carriers 
should  be  paying  users.  The  future  of 
wireless  service  is  likely  to  be  monthly 
contracts  rather  than  minutes  anyway 
(especially  with  smartphones  where  one 
can  bypass  the  use  of  cellular  minutes  by 
using  VoIP),  so  the  pitch  of  saving  money 
by  not  using  contract  minutes  won’t  work. 

The  model  that  will  work  will  be  for 
the  carriers  to  give  the  femtocells  to  two 
classes  of  users:  businesses  and  public 
spaces  (convention  centers,  transpor¬ 
tation  hubs,  etc.)  with  heavy  use,  and 
homes  that  have  poor  cell  reception.  No 
equipment  fees,  no  monthly  fees,  no  noth¬ 
ing  —  free  so  long  as  they  are  being  put  to 
good  use.  By  increasing  quality  of  service, 
the  wireless  carriers  will  retain  custom¬ 
ers,  rather  than  having  some  of  them 
consider  going  to  a  future  of  Wi-Fi  only 
and  dropping  service  altogether. 

mdulcey 

Broadband:  Other 
countries  get  it  right 

©WEONLYHAVE  to  observe  the  U.S.  posi¬ 
tion  in  the  league  of  broadband  nations 
to  see  where  current  policies  have  led. . . 
and  to  compare  with  other  developed 
countries  to  see  that  common  carrier  is 

the  way  forward.  (Re: 
FCC’s  ‘third  way’: 
Trying  to  be  partially 
pregnant?;  page  16) 

In  Europe,  even 
wireless  is  common 
carrier  and  the  ben¬ 
efits  to  consumers  in 
costs  and  choices  are 
blindingly  obvious. 
Of  course  it’s  always 
possible  that  the 
Euro  cell  system  will 
collapse  along  with 
the  physical  network 
suppliers  but  it 
doesn’t  look  that  way  now. 

Personally,  I  do  not  feel  it  was  “fair” 
that  my  small  independent  ISP  was  ush¬ 
ered  out  of  business  by  the  FCC’s  ruling, 
lobbied  by  the  incumbents,  to  reclassify 
telephone  “wires”  as  an  “information 
service”  and  kill  off  common  carrier.  If 
only  people  had  been  better  informed  as 
to  what  that  meant  and  the  consequences, 
which  have  now  been  realized  in  a  non¬ 
competitive  broadband  industry. 

Scunnerous 
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Power  your  planet. 


We  live  on  a  planet  where  nearly  6  terabytes  of  information  are  being  exchanged  over  the  Internet  every 
second,  and  where  billions  of  connected  people  are  surpassed  in  number,  only  by  trillions  of  connected 
objects  and  devices.  Why  then  is  the  average  server  in  the  average  business  running  at  only  10%  utilization? 
It’s  hard  enough  for  businesses  to  meet  the  demands  of  a  smarter  planet  today,  much  less  the  unforeseen 
demands  of  tomorrow.  The  new  POWER7  Systems™  from  IBM  are  not  simply  servers— they’re  fully 
integrated  systems  with  the  ability  to  run  hundreds  of  virtual  servers,  helping  you  drive  up  to  90%  utilization. 
These  next-generation  systems  integrate  massive  parallel  processing,  throughput  computing  and  analytics 
capabilities  to  optimize  for  the  complex  workloads  of  an  increasingly  data-driven  world.  Learn  how  to 
power  your  planet  at  ibm.com/poweryourplanet 


Smarter  systems  for  a  Smarter  Planet. 


Sources  for  claims  can  be  found  at  www.ibm.com/power/p7claim.  IBM,  the  IBM  logo,  ibrn.com,  P0WER7  Systems,  Smarter  Planet  and  the  planet  icon  are  trademarks  o?  International  Business 
Machines  Corp.,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/iegal/copytrade.shtm!.  ©  International  Business  Machines  Corporation  207  0. 
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Oh  Molly,  your  ads  are 
pulling  GREAT 

MICROSOFT  SAYS  IT  has  uncovered  a  new  kind  of  fraud, 
filing  two  lawsuits  against  people  it  says  are  using  a  scam  it  calls 
click  laundering.  It’s  a  bit  like  money  laundering,  in  that  the  bad 
guys  try  to  cover  their  tracks  to  make  fraudulently  obtained 
clicks  on  ads  appear  legit.  In  one  of  the  suits,  Microsoft  accuses 
RedOrbit.com  of  using  botnets  and  parked  sites  (dummy  sites 
that  typically  only  include  long  lists  of  links)  to  dramatically  drive 
up  the  number  of  clicks  on  ads  on  the  RedOrbit  site.  But  rather 
than  simply  use  the  botnets  and  sites  to  direct  clicks  to  ads  on 
RedOrbit.com  as  fraudsters  commonly  do,  RedOrbit  directed 
the  traffic  to  its  own  servers  where  it  scraped  out  the  traffic- 
referring  information  and  replaced  it  with  code  that  made  it  look 
like  the  traffic  came  directly  from  legitimate  interested  buyers  to 
the  approved  RedOrbit  site.  "[We  have  uncovered]  what  was  at 
one  point  thought  to  be  highly  or  almost  impossible  to  do,"  said 
Richard  Boscovich,  an  attorney  in  Microsoft's  digital  crimes  unit. 
tinyurl.com/2vgpkgq 
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SWMF  "  Li.,  i/  /**/  ««  operating  system,  plugins,  and 

even  fonts  installed  —  can  be 
compiled  by  Web  sites  to  create 
a  unique  portrait  of  most  visi¬ 
tors,  says  Peter  Eckersley,  who 
conducted  the  research.  The  EFF 
has  set  up  a  Web  site  that  tests 
visitors  for  uniquely  identifiable 
information.  Most  people  are 
surprised  to  discover  just  how 
trackable  they  are,  Eckersley 
said.  “Even  if  you  turn  off  cookies 
and  you  use  a  proxy  to  hide  your 
IP  address,  you  could  still  be 
tracked.” 

tinyurl.com/35x6dlo 

Cisco  says,  make 
that  a  double 

AFTER  A  quiet  first  quarter,  the 


So  much  for 
anonymity 

THINK  YOU’RE  browsing 
anonymously?  Think  again. 
Even  without  cookies,  popu¬ 
lar  browsers  such  as  Internet 
Explorer  and  Firefox  give  Web 
sites  enough  information  to  get  a 
unique  picture  of  visitors  about 
94%  of  the  time,  according  to  the 
Electronic  Frontier  Founda¬ 
tion.  Configuration  information 
—  data  on  the  type  of  browser, 


normally  acquisitive  Cisco  is 
back  at  it  with  the  announce¬ 
ment  of  its  first  two  deals  of  the 
year.  The  company  is  plunking 
down  $99  million  in  cash  for 
CoreOptics,  a  designer  of  digital 
signal  processing  technology 
for  optical  networks.  It’s  also 
after  the  company’s  expertise 
in  digital  ASIC  design  and 
advanced  modulation  formats. 
And  Cisco  is  acquiring  Moto 
Development  Group  (amount 
unknown),  a  product  design 
consulting  firm  that  helped 
develop  what  is  now  Cisco’s  Flip 
video  camera.  Although  Cisco 
doesn’t  swallow  as  many  com¬ 
panies  as  it  once  did  —  in  2000 
it  bought  23,  and  12  apiece  in 
’04  and  ’OS  —  over  the  last  three 
years  it  gobbled  down  23  firms. 
tinyurl.com/34x8ezp 


Walk  it  off...  er,  on 


INSTEAD  OF  draining  the  bat¬ 
tery  on  your  iPhone  while  you 
exercise,  someday  you  might 
be  able  to  charge  it  at  the  same 
time  you’re  burning  calories. 
Researchers  at  Georgia  Institute 
of  Technology  have  found  a  way 
to  harvest  energy  using  tiny 
nano  wires  made  of  zinc  oxide. 
Zinc  oxide  has  piezoelectric 
potential,  which  provides  the 
ability  for  nanowires  to  convert 
mechanical  energy,  generated 
by  walking  or  running,  into 
electric  energy.  The  researchers 
haven’t  performed  actual  field 
tests  yet,  but  they’ve  formed  a 
company 
called 


8T  VIDEO 


(Future  cars! 

GM  shows  off  its  EN-V, 
(electric  network  vehicles), 
which  are  designed  with 
urban  transport  in  mind. 
They  use  a  lithium  ion 
battery  that  can  be 
recharged  through  normal 
electrical  outlets. 
tinyurl.com/37c3r8c 


Piezodyne  to  commercial¬ 
ize  the  technology,  tinyurl. 
com/3ao65cc 

CA  changes 
name,  again 

CA  HAS  changed  its  name  to  CA 
Technologies  to  reflect  the  depth 
of  its  offerings,  a  portfolio  that 
is  getting  deeper  and  deeper. 
Earlier  this  year  CA  completed 
acquisitions  of  cloud  software 
provider  3Tera,  performance 
monitoring  software  Nimsoft 
and  service-level  management 
software  company  Oblicore.  In 
2009,  the  company  acquired 
network  performance  monitor¬ 
ing  software  vendor  NetQoS, 
the  assets  of  automation 
vendor  Cassatt,  and  data- loss 
prevention  software  provider 
Orchestria.  The  new  moniker 
marks  the  second  name  change 
in  five  years.  In  January  2006 
Computer  Associates  Inter¬ 
national  dropped  the  pretense 
and  went  with  what  everyone 
called  it  anyway ...  CA.  tinyurl. 
com/2vvjezl 

Gov't  =  highly 
secure  practices, 
right? 

SO  WE  like  to  think.  But  it 
turns  out  that  users  in  the 
government  are  the  same  weak 
link  as  in  every  other  company. 
In  a  survey  of 200  federal 
IT  and  information  security 
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You  have  plenty 
of  things  to  worry  about. 

Sensitive  data  roaming  the 
world  shouldn't  be 
one  of  them. 


Secure,  global  IT  and  Communications  solutions  for  a  more  agile  business. 

Mobile  workers  crisscrossing  the  world.  Suppliers  on  numerous  continents.  Vast  amounts  of 
machine  and  device  data  wirelessly  gathered  and  shared,  every  minute  of  every  hour.  And  to 
stay  competitive,  you  must  step  it  up.  Partnering  with  Verizon  helps.  From  securing  mobile 
access  to  backend  data  to  security  assessments,  our  global  risk  management  solutions  can 
provide  the  confidence  to  move  ahead  quickly,  aggressively,  almost  anywhere. 

Verizon:  connecting  systems,  machines,  ideas,  and  people  worldwide  for 
altogether  better  outcomes,  verizon.com/better 


altogetherbetter 


CiOIOfefUM. 


bits 


Rallying 
around  UC 


A  NUMBER  of 

unified  communica¬ 
tions  vendors  including 
Microsoft,  Polycom  and 
HP  have  formed  the  Unified  Com¬ 
munications  Interoperability  Forum,  a  group  to 
make  sure  all  the  pieces  needed  for  collaboration  will 
work  together.  UCIF  also  includes  Juniper  and  Logitech 
among  its  founders  and  had  at  least  12  other  members 
as  of  last  week.  Because  it  typically  involves  a  variety 
of  systems,  often  from  different  vendors,  UC  can  be 
hard  to  pull  off  in  the  real  world,  Polycom  co-founder 
and  CTO  Jeff  Rodman  said.  Interoperability  has  been 
an  ongoing  problem  in  UC,  and  enterprises  want  all 
the  major  vendors  to  implement  their  products  so 
they  work  together,  according  to  Wainhouse  Research 
analyst  Andrew  Davis.  But  not  all  is  perfect  with 
UCIF  from  the  start:  Cisco  and  Avaya,  the  two  biggest 
players  in  UC,  had  been  invited  but  had  not  joined  the 
organization. 


Judge  gives  ISP  the  boot 


A  U.S.  district  court  judge  has  ordered  the  per¬ 
manent  closure  of  an  Internet  service  provider 
long  accused  of  hosting  and  distributing  spam, 
spyware,  child  pornography  and  other  illegal  con¬ 
tent,  at  the  request  of  the  Federal  Trade  Commission. 
Judge  Ronald  Whyte  of  the  U.S.  District  Court  for  the 
Northern  District  of  California  in  San  Jose  has  ordered 
that  the  computer  servers  and  other  assets  owned 
by  Pricewert,  doing  business  as  3FN.net,  be  sold  by  a 
court-appointed  receiver.  Whyte  also  ordered  the  com¬ 
pany  to  turn  over  $1.08  million  in  illegal  profits  to  the 
FTC,  according  to  court  documents.  Several  security 
experts  supported  the  FTC’s  case  against  3FN,  Whyte 
wrote  in  a  disgorgement  order.  “These  experts  had 
analyzed  data  derived  from  Internet  searches  which 
establish  that  defendant,  an  internet  service  provider, 
was  engaged  in  widespread  illegal  activity,” 


Microsoft  sues 
Salesforce.com 


professionals  by  Meri- 
Talk,  a  government  IT 
social-networking  site, 
and  Axway,  an  IT  security 
vendor,  52%  said  employ¬ 
ees  used  personal  e-mail 
to  transfer  files  within 
their  agencies  or  to  other 
agencies.  About  two-thirds 
said  employees  used  physi¬ 
cal  media,  including  USB 
drives  and  DVDs,  to  transfer 
files,  and  60%  of  employees 
use  FTP.  And  while  80%  of 
respondents  said  their  agencies 
have  adequate  file  transfer 
policies  in  place,  only  58%  said 
employees  were  aware  of  secure 
file  transfer  policies.f/nyur/. 
com/37r8dom 


Friends  don't  let 
friends  sit  on 
copy  machines 


OK,  THAT’S  really  the 
least  of  your  worries.  But 
this  is  sobering.  It  turns 
out  these  machines 
have  long  memories.  A 
recent  report  from 
CBS  News  said 
nearly  every 
copy  machine 
built  since  2002 
stores  documents 
copied,  scanned 
and  e-mailed  on  internal  hard 
drives.  The  report  found  sensi¬ 
tive  health  and  law-enforcement 
investigation  information  on 
copy  machines  ready  to  be 
resold.  Now  lawmakers  are  get¬ 
ting  involved.  “I  am  concerned 
that  these  hard  drives  represent 


TRUE  FACT 


a  treasure  trove  for  thieves, 
leaving  unwitting  consum¬ 
ers  vulnerable  to  identity 
theft  as  their  Social  Security 
numbers,  birth  certificates, 
medical  records,  bank  records 
and  other  personal  informa¬ 
tion  are  exposed,”  wrote  U.S. 
Representative  Ed  Markey  in  a 
letter  to  the  U.S.  Federal  Trade 
Commission.  In  response,  FTC 
Chairman  Jon  Leibowitz  last 
week  said  the  agency  is  working 
with  copy  machine  makers  and 
sellers  to  provide  “appropri¬ 
ate  educational  materials”  to 
clients,  tinyurl.com/2wom6hy 


A  tablet  in 
every  hand 


YOU  MAY  not  find  it  magical  or 
revolutionary,  but  Apple’s  iPad 
is  undeniably  influential.  It’s  a 
big  reason  for  bullish  estimates 
in  the  tablet  market.  Like  from 
IDC,  which  is  forecasting  tablet 
shipments  will  reach  7  million 
this  year  and  top  46  million  in 
2014.  As  more  applications, 
content  and  services  designed 
for  tablets  become  available, 
tablets  will  become  “neces¬ 
sities  for  many  consumers,” 
says  Susan  Kevorkian,  a 
program  director  with  IDC. 
Tablet  shipments  in  2010 
will  likely  be  dominated 
by  Apple,  but  competi¬ 
tors  aren’t  far  behind.  HP 
announced  plans  to  use  Palm’s 
WebOS  in  tablets.  Asus  and 
Lenovo  also  plan  to  release 
tablets.  Google,  too,  is  rumored 
to  be  making  one. 
tinyurl.com/3y66h9u 


MICROSOFT,  FREQUENTLY  the  target 
of  patent  infringement  suits,  last  week 
targeted  CRM  rival  Salesforce.com  in  a  suit 
of  its  own.  Microsoft  claimed  in  U.S.  District 
Court  in  Seattle  that  the  $1.3  billion  com¬ 
pany  violated  nine  patents,  including  those 
having  to  do  with  how  to  navigate  customer 
relationship  management  software.  Micro¬ 
soft  is  seeking  an  injunction  and  monetary 
compensation. 


10,000,000,000 

The  number  of  transistors  per  human  by  the  end  of  2010, 


each  transistor  costing  one  ten-millionth  of  a  cent. 


SOURCES:  INTEL  CORPORATION:  CISCO  IBSG.  2006-2009:  IBM 
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The  1&1  server  totally  configurable  to  your  needs 


A  powerful  virtual  server  environment 
with  full  root  access.  Adjust  the  || 
processor  core,  RAM,  and/or  hard 
disk  space  to  fit  your  needs.  With  I 
the  Dynamic  Cloud  Server,  you  can  i 
change  your  specifications 
at  any  time!  M 


l&l I  Server  Configuration 


Traffic  (GB) 


Opteron 


1&1®  Dynamic  Cloud  Server  -  basic  configuration  includes: 


✓ 

✓ 

✓ 

✓ 


1  Virtual  Core  of  a  Quad-Core  AMD  Opteron™ 
2352  Processor 

1  GB  RAM 

lOO  GB  disk  space 

Guaranteed  resources  (just  like  a  dedicated  server!) 


More  server  offers  are  available  online.  Visit  our  website  for  details. 


"Offer  valid  as  of  May  1,  2010.  Offer  applies  to  Dynamic  Cloud  Servers  only,  up  to  a  maximum  discount  of  $149.97  per  server.  12  month  minimum  contract  term  and 
setup  fee  apply.  Prices  valid  for  basic  configuration  only.  For  other  configurations,  additional  costs  apply.  Visit  www.1  andl  .com  for  full  promotional  offer  details.  Pro¬ 
gram  and  pricing  specifications  and  availability  subject  to  change  without  notice.  1&1  and  the  1&1  logo  are  the  trademarks  of  1&1  Internet  AG,  all  other  trademarks 
are  the  property  of  their  respective  owners  ©2010  Internet,  Inc.  All  rights  reserved. 
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Symantec’s  VeriSign  gambit  draws  mixed  reviews 


BYELLENMESSMER 

SYMANTEC’S  DECISION  to  pay  $1.28 
billion  to  buy  most  of  the  security  services 
within  VeriSign  is  drawing  mixed  reactions  in 
the  analyst  community,  but  Symantec  insists 
the  VeriSign  certificate  and  authentication 
services  are  key  elements  in  what  could  be 
one  of  the  biggest  self-transformations  in  the 
security  industry. 

It  even  comes  down  to  the  Symantec  logo, 
which  will  be  changed  to  a  new  one  that  includes 
the  telltale  VeriSign  check  mark,  according 
to  Francis  deSouza,  senior  vice  president  in 
Symantec’s  enterprise  security  group. 

But  it  will  be  understandable  if  there’s 
some  initial  confusion  regarding  this  indus¬ 
try  re-shuffling,  since  the  company  VeriSign 
will  still  go  on  selling  domain  names,  while 
Symantec  will  also  be  using  the  name  Veri¬ 
Sign  to  continue  selling  VeriSign’s  SSL  certif¬ 
icates  and  authentication  services.  Symantec 
also  gets  ownership  stake  in  VeriSign  Japan. 


The  Symantec  deal  to  acquire  most  of  Veri¬ 
Sign’s  security  businesses  (VeriSign  keeps  the 
iDefense  unit)  comes  just  a  few  weeks  after 
the  announcement  that  Symantec  is  buying 
both  PGP  and  GuardianEdge  Technologies. 

Analysts  are  offering  mixed  reactions  to 
Symantec’s  VeriSign  deal. 

“We’re  not  very  positive  on  this,”  says 
John  Pescatore,  a  Gartner  senior  analyst. 
“When  Symantec  bought  PGP,  Gartner  said 
they  needed  to  avoid  the  distraction  of  going 
after  the  commoditized  SSL  server  certifi¬ 
cate  market.  Here  they  are  buying  VeriSign, 
whose  revenue  on  SSL  certificates  has  been 
dropping  because  of  the  SSL  market  being 
driven  by  low  prices.  The  SSL  cert  business 
isn’t  even  strongly  related  to  any  Symantec 
business  areas  —it  will  bring  some  near-term 
revenue  to  make  Wall  Street  happy  but  long¬ 
term  dilute  Symantec  resources  from  its  main 
markets.” 

But  Jon  Oltsik,  principal  analyst  at  Enter¬ 
prise  Strategy  Group,  was  upbeat  in  his  blog 


for  Network  World,  writing  that  when  you  “add 
VeriSign  to  PGP  to  Symantec,”  you  get  several 
strengths,  including,  “Symantec  can  now  cre¬ 
ate  an  infrastructure  where  any  user  or  node 
can  set  up  a  trust  relationship  with  any  other,” 
and  “Symantec  has  the  scale  and  reach  to 
marry  the  security  power  of  PKI  [public-key 
infrastructure]  with  a  global  [software-as-a- 
service],”  plus  “VeriSign  can  now  act  as  a  [cer¬ 
tificate  authority]  for  PGP  keys  as  well.” 

“Authentication?  Digital  signatures?  Non¬ 
repudiation?  Symantec  now  has  the  opportu¬ 
nity  to  take  these  geeky  terms  and  apply  their 
goodness  to  the  masses,”  Oltsik  enthused. 
“We’ve  been  talking  about  the  ‘year  of  PKI’  for 
15  years.  Symantec  now  has  the  opportunity 
to  make  it  happen.” 

The  InfoPro’s  managing  director  of  secu¬ 
rity  research,  Bill  Trussell,  was  also  generally 
positive  about  the  deal. 

“Between  PGP  and  now  VeriSign,  Syman¬ 
tec  has  filled  a  void  in  their  product  portfolio 
►  Sec  Symantec,  page  21 
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Our  growing  security  quagmire 


INFORMATION  SECURITY  was  always  an 
esoteric  field  but  with  personal  computing 
came  personal  security  issues,  culminating 
in  the  identity  theft  problem  that  concerns  even  the  most  techno-pho¬ 
bic  of  consumers.  It’s  about  to  get  much  worse. 

The  latest  interesting  areas  for  security  come  from  the  prolifera¬ 
tion  of  connected  computing  devices  into  new  areas  of  our  life:  mobile 
devices  (for  example  iPhone,  Droid,  iPad),  building  automation  (smart 
grid)  and  automotive  computing.  Up  to  now,  we’ve  worried  about  com¬ 
puters  messing  with  our  money.  Now  we  can  add  to  that  the  worry  of 
computers  tracking  our  location,  killing  our  power  and  crashing  our 
cars.  As  a  security  professional  I  am  simultaneously  appalled  and 
hopeful  for  my  job  security. 

The  iPad  and  iPhone  devices  have  really  got  people  excited  about 
handheld  computing.  But  few  people  stop  to  think  about  the  security 
implications.  No  other  device  is  as  intimately  connected  to  a  user  as 
a  smartphone.  I  often  forget  my  wallet  and  my  keys,  but  I  rarely  go 
anywhere  without  my  smartphone.  That  makes  my  phone  a  fantastic 
tool  for  location-based  personal  services,  but  also  for  ubiquitous  and 
extremely  intrusive  surveillance. 

The  specs  of  the  latest  smartphones  add  up  to  a  serious  security 
problem:  GPS,  cellular  data  and  location,  magnetic  compass,  accel¬ 
erometer,  microphone  and  video  camera.  If  you  compromise  a  device 
that  never  leaves  the  side  of  the  owner  and  contains  those  features, 
you  have  the  most  sophisticated  surveillance  system  ever  devised.  It’s 
far  worse  than  compromising  a  PC  or  reading  someone’s  e-mail.  You 
coidd  literally  bug  every  conversation  while  knowing  exactly  where 
the  user  is  and  even  if  they  are  walking  or  lying  down! 

Last  week,  researchers  at  the  University  of  Washington  and  the  UC 


San  Diego  demonstrated  the  implications  of  compromising  a  car’s 
built-in  computer  network.  All  modern  cars  have  an  embedded  com¬ 
puter  network  that  provides  diagnostic  information  and  some  remote 
control  capabilities.  The  researchers  were  able  to  control  the  engine, 
car  doors,  lights,  speedometer  and  other  functions. 

Now,  today  this  kind  of  compromise  requires  some  initial  physical 
access  to  connect  to  the  OBD-II  (On-Board  Diagnostics  II)  port  to  sniff 
and  inject  data  packets.  But  increasingly  cars  are  connected  to  wire¬ 
less  networks,  exposing  those  capabilities  to  remote  control.  One  such 
system  for  remote  control  and  access  is  OnStar,  but  it  is  easy  to  imagine 
a  world  where  every  car  does  telemetry  and  remote  control.  Are  these 
systems  secure  from  remote  compromise?  Just  recently  a  disgruntled 
employee  at  a  security  company  (not  OnStar)  remotely  disabled  hun¬ 
dreds  of  cars.  Not  very  reassuring. 

Finally,  we  are  seeing  the  rapid  deployment  of  smart-grid  and  smart- 
meter  technology,  with  the  explicitly  stated  goal  of  linking  consumer 
devices  in  the  home  with  utility  company  systems  for  energy  manage¬ 
ment,  visibility  and  consumer  control.  What  about  security?  Well  most 
security  researchers  think  that  such  infrastructure  would  be  more 
vulnerable  to  a  broad  attack  than  the  existing  grid. 

Information  security  was  once  the  domain  of  researchers  and 
defense  contractors.  When  we  invited  IT  into  every  aspect  of  our  lives, 
we  made  security  a  household  concern.  Not  that  you  shouldn’t  wel¬ 
come  the  technology  —  but  you  should  be  prepared  to  see  more  secu¬ 
rity  controls  and  concerns  in  more  areas  of  your  life  too.  ■ 

Antonopoulos  is  a  senior  vice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm.  He 
can  be  reached  at  andreas@nemertes.com. 
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The  latest  1&1  server  solution  for  high  performance  needs: 
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1&1®  Hexa-Core  Servers  -  using  the  latest  generation  of  AMD  six-core  processors: 


✓ 

✓ 

✓ 

✓ 


2  x  Six-Core  AMD  Opteron™ 

2423  HE  Processor 

Starting  at 

Up  to  32  GB  memory 
Up  to  2  TB  of  usable  disk  space  with  RAID  5 
Energy  efficient,  AMD-P  technology 


More  server  offers  are  available  online.  Visit  our  website  for  details. 


“Offer  valid  as  of  May  1,  2010. 12  month  minimum  contract  term  and  setup  fee  apply.  Visit  www.1and1.com  for  full  promotional  offer  details.  Program  and  pricing 
specifications  and  availability  subject  to  change  without  notice.  1&1  and  the  1&1  logo  are  the  trademarks  of  1&1  Internet  AG,  all  other  trademarks  are  the  property  of 
their  respective  owners.  ©2010  Internet,  Inc.  All  rights  reserved. 
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Major  Wi-Fi  changes  ahead 

Improved  or  new  standards,  new  frequencies  will  make  Wi-Fi  nets-more  pervasive 


BY  JOHN  COX 

ALMOST  ANY  mobile  device  you  buy  today 
either  has  a  Wi-Fi  radio  chip  in  it,  or  can  be 
fitted  with  one.  But  the  still  annoying  and 
baffling  part  of  Wi-Fi  is  that  while  it  lets  you 
move  around,  you  still  have  to  be  in  a  spot  that 
has  Wi-Fi. 

The  feverish  vision  of  Wi-Fi  networks  blan¬ 
keting  entire  cities  has  pretty  much  shriveled, 
(though  some  observers  think  federal  stimu¬ 
lus  dollars  may  re-energize  it)  even  as  mobile 
carriers  race  to  deploy  WiMAX  or,  as  even 
Clearwire  now  is  hinting,  WiMAX- like  Long 
Term  Evolution  (LTE)  networks  as  the  foun¬ 
dation  for  pervasive  wireless  connectivity. 

Yet  LTE  will  remain  a  relatively  expensive 
service.  Wi-Fi  is  becoming  a  comparatively 
low-cost,  high-bandwidth  wireless  technol¬ 
ogy  that’s  being  embedded  in  a  growing  num¬ 
ber  of  both  devices  and  locations,  including 
vehicles  and  carrier  hotspots,  like  proliferat¬ 
ing  lily  pads  of  connectivity. 

Many  of  the  immediate  changes  for  Wi-Fi 
are  those  that  will  strengthen  wireless  connec¬ 
tivity  as  an  increasingly  pervasive  “utility.” 

This  week,  for  example,  the  WiGig  Alliance 
is  announcing  the  next  moves  in  bringing  the 
Wi-Fi  to  a  new  frequency  band:  60GHz.  The 
band  will  make  it  possible  to  deliver  up  to 
7Gbps  over  relatively  short  distances,  say  the 
size  of  a  living  room  or  den. 

That’s  a  huge  increase  compared  with 
what  is  now  becoming  the  Wi-Fi  standard 
for  access  points  and  a  growing  number  of 
client  adapters:  802.11n.  The  802.11n  radios 
use  two  or  three  simultaneous  data  streams, 
and  can  merge  two  20MHz  channels  together. 
The  results  are  data  rates  that  can  start  at  over 
100Mbps  and  reach  300Mbps,  though  use- 
able  throughput  is  much  less.  By  comparison 
802.11g  and  802.11a  have  a  maximum  data 
rate  of  54Mbps  and  throughput  in  the  20M 
to  24Mbps  range  in  ideal  conditions. 

The  WGA’s  plan  is  to  support  a  rapid  indus¬ 
try  deployment  of  its  specification  into  products 
that  will  support  existing  Wi-Fi  standards,  nota¬ 
bly  802.11n,  while  adding  the  60GHz  frequency 
to  support  very  high  data  transfers  over  short 
distances.  Applications  include  wireless  I/O, 
uncompressed  video  streaming,  high-speed 
data  networking  and  the  like. 

This  week,  WGA  makes  its  1.0  specifica¬ 
tion  available  to  a  much  larger  group  of  ven¬ 
dors.  Vendors  that  agree  to  the  royalty-free 
licensing  terms  can  take  the  spec  and  begin 


developing  products  based  on  it.  The  WGA 
is  also  partnering  with  the  Wi-Fi  Alliance  to 
create  an  interoperability  testing  and  certifi¬ 
cation  program,  modeled  on  the  one  the  WFA 
has  developed  in  the  past  for  proving  compat¬ 
ibility  among  Wi-Fi  equipment. 

Later  this  month,  WGA  will  submit  to  the 
IEEE  standards  group  a  unified  proposal  to 
use  the  WGA  specification  as  the  foundation 
for  a  new  802.11  standard  supporting  multi¬ 
gigabyte  data  rates  in  60GHz.  Last  year,  the 
IEEE  created  two  new  802.11  groups,  llad 
for  the  60GHz  band,  and  llac  for  the  bands 
below  6GHz. 

The  WGA  plans  to  fully  support  the  IEEE’s 
60GHz  work,  but  if  that  work  bogs  down, 
WGA  plans  to  push  ahead,  according  to  Mark 
Grodzinsky,  marketing  work  group  chair  for 
the  WiGig  Alliance.  “We’ll  participate  actively 
in  the  IEEE  process,”  he  says.  “But  we’re  not 
going  to  wait  for  another  seven-year-long 
[standards]  process  [a  reference  to  the  lln 
approval  cycle].” 

Chips  implementing  the  WiGig  spec  would 
be  able  to  support  all  three  frequencies:  so  the 
same  radio  could  use  60GHz  for  blazingly 
fast  downloads  or  uploads  of  data  or  video, 
and  then  2.4  or  5GHz  for,  say,  Internet  or  pri¬ 
vate  cloud  connectivity. 

Sometime  in  the  next  12  to  18  months  there 
will  be  other  Wi-Fi  changes  also: 

■  Simple,  direct  connections  between  Wi-Fi 
client  devices,  bypassing  an  access  point 
or  wireless  router. 

■  The  Wi-Fi  Alliance  is  crafting  a  specifica¬ 
tion  called  Wi-Fi  Direct.  Like  Bluetooth, 
the  spec  will  include  protocols  to  let  Wi-Fi 
devices  discover  each  other  and  securely 
create  a  direct  connection  with  each 
other.  The  spec  will  support  802.11n  and 
enterprise-grade  Wi-Fi  Protected  Access 
2  (WPA2)  security.  The  WFA  will  begin 


certification  testing  for  “Direct”  in  Q3. 

■  The  current  802.11  standard  supports  a 
peer-to-peer  connection  but  it  lacks  the 
smarts  that  Wi-Fi  Direct  will  add,  and  has 
performance  and  security  trade-offs,  says 
Edgar  Figueroa,  Alliance  CEO. 

■  Improved  VoIP  support,  with  a  new  set 
of  WFA- authored  protocols  to  let  Wi-Fi 
networks  support  many  high-quality, 
concurrent  voice  calls. 

■  Wi-Fi  mesh  networks.  Mesh  connections, 
which  let  access  points  connect  directly 
to  each  other  and  transmission  hop  from 
one  to  another,  are  currently  offered 
based  on  non-standard,  often  proprietary 
protocols.  An  IEEE  standard,  802.11s, 
which  is  due  out  by  mid  2011,  will  make 
Wi-Fi  mesh  networks  simpler  to  create 
and  use.  More  widespread  use  of  a  stan¬ 
dard  mesh  will  increase  the  footprint  of 
Wi-Fi  networks,  and  by  offering  alternate 
routes,  will  improve  reliability. 

■  Improvements  in  Wi-Fi  signal  quality  and 
reliability  as  chipmakers  and  equipment 
vendors  implement  more  of  the  features 
in  802.11n.  Adding  such  arcane  capabili¬ 
ties  as  low-density  parity  check  coding, 

to  improve  error  correction,  and  transmit 
beam  forming,  which  uses  feedback  from 
a  Wi-Fi  client  to  focus  an  access  point’s 
RF  transmission,  will  lead  to  more  robust 
Wi-Fi  networks. 

■  Smarter  Wi-Fi  clients,  cooperating  with 
access  points  or  hotspots  to  improve 
performance  and  security.  The  802.11v 
standard  is  aimed  at  providing  more 
client  data,  and  power  management,  to 
incorporate  and  control  client  radios  in 
network  management.  ■ 
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Upcoming  tech  event 

One-day  IT  event  coming  to  a  city  near 
you!  Five  IT  tracks,  vendor  expo,  peer 
case  studies,  featuring:  cloud  &  virtu¬ 
alization,  convergence  &  wireless  and 
data  centers  among  others.  10  cities 
in  2010,  register  and  qualify  to  attend 
free,  events.networkworld.com 


14  MAY  24, 2010  www.networkworld.com 


.r  utsp? 


hr  ITSELF 


I  ,/ 


After  that,  J 

it  PAYS  YOUR  BUSINESS. 


HP  Color  LaserJet  CA 
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When  was  the  last  time  you  bought  something 
for  your  business  that  actually  paid  for  itself? 
Consolidate  your  existing  printing  devices  into 
one  legendary  Color  HP  LaserJet  MFP  and  save 
-on  energy,  paper,  toner,  even  IT  time -while 
bringing  professional  print  jobs  in  house.  Invest 
in  HP  LaserJet.  It  pays  you  back.*  Find  out  how 
at  www.hp.com/go/paysback 
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2010  Hewlett-Packard  Development  Company,  L,P.  'Savings  based  on  printing  50  copies  of  a  brochure  (double-siddd  and  on  special  glossy  media)  1 2  times  per  month  oh  the  HP  Color  LaserJet  C 
MFP  compared  to  average  retail  copy  shop  pricing.  Additional  savings  from  Instant-on  Technology,  two-sided  printing  and  HP  Smart  Web  Printing.  Actual  results  may  vary.  Source  of.  Copy  shop  prici 
Infotrends  Cost  of  Print  Studies',  March  2009.  Go  io  www.hp.com/go/printcosts  for  more  details.  ,  !  '  ,  .'.j  v., 
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The  Smarter  Choice 


In  an  Unpredictable  World, 
You  Need  a  Network 
You  Can  Count  On. 

RCN  Metro  provides  highly  reliable,  customized 
communications  solutions  for  your  most 
important  business  needs.  No  other  provider 
can  match  our  network  diversity,  award¬ 
winning  service  and  industry  expertise. 

Our  customers  wisely  stake  their  reputation  on 
us  every  day.  We  think  you  should  too. 


METRO 

Optkal  Network* 


For  a  better  way  to  communicate, 
call  us  888-955-6871.  We’ll  provide 
you  with  a  FREE  consultation  and 
help  you  identify  ways  to  improve 
your  current  communications  service. 

www.rcnmetro.com 


FCC’s  ‘third 
wav’:  Trying 
to  be  partially 
pregnant? 

IN  THE  aftermath  of  an  all-too-predictable  appeals  court  decision 
overturning  the  FCC’s  Comcast  ruling,  a  majority  of  FCC  commis¬ 
sioners  announced  that  they  have  discovered  a  new  path  to  the  land 
of  net  neutrality.  Also  predictably,  most  of  the  usual  network  neu¬ 
trality  opponents  have  gone  into  a  full-bore  tizzy  —  and,  as  is  nor¬ 
mally  the  case  with  full-bore  tizzy,  accuracy  has  been  a  casualty. 

If  one  were  to  read  the  statements  by  the  telephone  carriers  and 
some  in  Congress  the  FCC  is  actively  trying  to  kill  the  Internet 
through  over-regulation.  It  is  hard  to  see  the  FCC’s  actual  proposal 
in  the  picture  they  paint. 

The  FCC  is  not  really  proposing  to  regulate  all  that  much,  “just”  the 
underlying  transport  of  Internet  traffic.  At  least  that  is  what  it  says  in 
the  30,000-foot  descriptions  of  its  plans  released  so  far.  The  picture 
might  be  a  bit  more  complex  when  the  FCC  releases  actual  details. 

Since  all  of  the  big  telephone/ISPs  say  they  will  not  be  unfair 
to  their  customers,  and  the  FCC  says  it  wants  to  ensure  that  carri¬ 
ers  will  not  be  unfair  to  their  customers,  one  might  have  expected 
that  the  carriers  should  be  willing  to  go  along  in  order  to  establish 
a  defined  set  of  rules  to  govern  the  playpen.  But,  from  what  I  can  tell, 
the  carriers  do  not  trust  the  FCC  (not  trust  government  regulators? 
The  very  idea  astonishes  me.).  Or  maybe,  they  don’t  trust  a  future 
FCC.  The  carriers  fear  that  the  FCC  could  suddenly  decide  to  expand 
regulation  beyond  transport  to  tariffs  or  peering  or  whatever.  In 
other  words  they  see  the  FCC  as  claiming  to  only  be  partially  preg¬ 
nant  with  new  regulatory  directions. 

Of  course,  in  doing  so,  they  are  doing  exactly  what  they  accuse  the 
pro  network  neutrality  people  of  doing.  The  carriers  say  that  there  is 
no  problem  to  be  solved  because  the  carriers  are  always  fair  and  that 
the  pro  network  neutrality  folks  are  just  worrywarts.  It  is  not  unrea¬ 
sonable  to  say  that  both  sets  of  worries  may  have  some  justification. 

The  carriers  have  not  always  been  fair,  one  specific  example  — 
Comcast  trashing  BitTorrent  —  got  us  into  the  particular  situation. 
A  number  of  other,  albeit  smaller,  examples  of  the  problem  have 
come  up  over  the  last  few  years.  On  the  other  hand,  it  is  a  bit  hard 
to  imagine  a  government  regulator  holding  off  forever  if  it  thinks  it 
has  the  authority  to  regulate  —  it  would  be  counter  to  the  nature  of 
regulators. 

To  date,  the  FCC  has  held  off  most  regulations  of  the  Internet  but, 
even  in  his  letter  describing  the  low-impact  “third  way”  for  Inter¬ 
net  regulation,  FCC  Chairman  Julius  Genachowski  listed  six  policy 
initiatives,  most  of  which  would  involve  some  level  of  regulation 
of  parts  of  the  Internet  community  if  they  are  to  be  successful.  So 
maybe,  the  carriers  ax-e  right  to  be  somewhat  mistrustful. 

It  is  far  from  unusual  for  people  trying  to  affect  the  policy-making 
process  in  Washington,  D.C.,  to  vastly  over-state  and  over-simplify 
the  dangers  of  a  particular  policy  path,  or  of  not  following  a  policy 
path.  It  makes  rational  discourse  a  challenge,  but  we  are  talking 
about  discourse  in  Washington,  where  calm  and  rationality  are 
always  as  endangered  as  incumbents  seem  to  be  this  year. 

Disclaimer:  Harvard  is  well  represented  in  the  ranks  of  the  endan¬ 
gered  incumbents  as  well  as  in  the  ranks  of  their  challengers.  They 
may  have  left  Harvard  rational,  but  I  make  no  claims  as  to  their  cur¬ 
rent  states  or  to  any  university  view  of  the  FCC  plans  or  claims.  ■ 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can 
be  reached  at  sob@sobco.com. 
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Staffing  firm  boots  PBXs,  reaps  VoIP  savings 

BYTIM  GREENE 


Aquent  centralizes  phones  with  M5 

Aquent  signed  up  for  hosted  VoIP  from  M5  and  expects  to  save  $20,000  per 
month  on  its  phone  service  as  well  as  gain  features  shown  below: 


New  POP  is 
equivalent  to  a 
single,  corporate¬ 
wide  PBX. 


M5  POP 


Now  gets  fully 
meshed  WAN 
services. 


Aquent  branch 


Branches  have  unified 
voicemail,  a  single  phone 
numbering  system, 
forwarding  to  mobile 
phones,  but  no  on-site  PBX. 
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BOSTON  —  When  staffing  firm  Aquent 
scrapped  its  decentralized  phone  system  for 
an  outsourced  VoIP  service  it  saved  $20,000 
per  month,  expanded  the  features  of  its  video- 
conferencing  system  and  enhanced  function¬ 
ality  of  its  ERP  system  in  one  fell  swoop. 

The  service  from  hosted  VoIP  provider  MS 
Networks  also  lets  the  company  easily  pass 
calls  geographically,  support  disaster-recov¬ 
ery  for  the  phone  system  and  offer  central¬ 
ized  voice  mail  that’s  integrated  with  e-mail, 
says  Larry  Bolick,  Aquent’s  CIO. 

The  company  had  a  mix  of  Nortel  and 
Inter-Tel  PBXs  at  its  40  North  American 
sites  serving  800  employees  and  400  to  500 
phones.  The  PBXs  were  nearing  the  end  of 
their  useful  lives  when  the  company  decided 
to  change  its  business  structure  so  that  its 
different  lines  of  business  were  handled  by 
dispersed  teams  located  in  different  offices. 

That  meant  the  teams  needed  better  ways 
of  communicating  with  each  other.  For  exam¬ 
ple,  if  a  member  of  the  marketing  team  wasn’t 
available,  incoming  calls  had  to  be  directed 
to  another  member  of  the  team  regardless  of 
where  that  member  was  located. 

Similarly,  the  new  system  needed  to  be 
able  to  forward  calls  to  other  devices  such  as 
handhelds,  and  to  send  voice  mail  as  e-mail 
attachments  so  practice  members  could 
always  be  reachable. 

Bolick  wanted  to  move  to  a  phone  service 
with  all  the  gear  except  handsets  based  in  the 
provider’s  network  to  minimize  capital  outlay 
and  maintenance  costs.  He  wanted  to  move 
to  VoIP  to  reap  benefits  of  integrating  com¬ 
munications  with  other  business  processes. 
Call-detail  records  gathered  company-wide 
that  can  be  tapped  by  the  enterprise  resource 
management  system,  for  instance,  will  result 
in  better  tracking  of  workflows,  he  says. 

Level  3  offered  a  service  he  wanted  to  test, 
but  after  several  delays  it  couldn’t  deliver. 
He  considered  a  Cisco  infrastructure  to 
support  iPhones  under  a  BlackBerry  enter¬ 
prise  model,  but  the  initial  investment  — 
$300,000-  plus,  in  addition  to  monthly  fees 
of  $50, OOO-plus  —  was  too  high. 

Fonality  had  no  enterprise  product,  but 
he  liked  that  it  could  back  up  configurations 
over  the  Internet.  Aquent  tried  it  in  four 
sites,  but  full  deployment  would  have  meant 
a  Fonality  box  at  each  site,  and  Bolick  says  he 
was  pretty  sure  he  could  find  a  provider  to 
host  across  all  sites  without  local  gear. 

He  looked  at  service  providers  Packet  8 


and  Press  8  but  both  were  meant  for  smaller 
businesses. 

He  looked  at  outsourcing  with  DSCI,  M5 
and  Whaleback  Systems.  Whaleback  was 
ruled  out  because  it  required  purchasing 
hardware  that  would  be  arranged  in  regional 
hubs  and  spokes  rather  than  a  single,  cen¬ 
trally  managed  network. 

DSCI  was  based  on  open  source  and 
seemed  like  a  good  fit,  but  M5  had  more  “nice¬ 
ties”  in  its  offering,  Bolick  says.  Among  these 
were  a  flat  fee  for  unlimited  users,  trans-office 
hunt  group  support,  a  unified  numbering 
plan,  redirection  of  calls  to  mobile  phones 
and  browser-based  call  control. 

The  new  system  runs  in  part  over  an  AT&T 
MPLS  network  that  connects  about  30  of 
the  offices.  The  other  10  sites  connect  over 
the  Internet  via  dedicated  business-grade 
768Kbps  DSL  or  cable  connections.  This  band¬ 
width  ensures  that  voice  won’t  be  affected  by 
competing  bursts  in  data  traffic,  he  says. 

$20,000  savings  per  month 

Aquent  expects  savings  of  $20,000  per  month 
once  the  M5  transition  is  completed.  Most  of 
the  inter-office  communication  before  was 
via  e-mail,  and  most  phone  calls  were  made 
within  50  miles  of  the  offices.  Some  of  the  sav¬ 
ings  would  come  from  using  the  less  expen¬ 
sive  data  network  to  run  voice  and  eliminat¬ 
ing  the  local  dedicated  phone  lines. 

Before,  eight  or  nine  offices  had  a  T-l  or  two 
depending  on  size,  and  the  rest  had  up  to  a 
dozen  or  so  analog  phone  lines  but  lacked 
enough  traffic  to  warrant  T-ls. 


The  company  already  had  a  Tandberg 
videoconferencing  infrastructure  featuring 
either  32-  or  42-inch  high-definition  screens 
that  use  768Kbps  over  the  MPLS  network  or 
768Kbps  dedicated  local  links  to  connect. 

Bolick  plans  to  expand  use  of  videocon¬ 
ferencing  by  integrating  it  with  the  VoIP 
network.  Linking  the  video  to  scanning  will 
enable  candidates’  graphics  portfolios  to  be 
viewed  remotely  during  video  interviews, 
he  says. 

Integrating  the  phone  system  with  enter¬ 
prise  resource  management  software  will 
enable  Aquent’s  customized  Web  Wall  ERP 
to  automatically  gather  stats  about  e-mails, 
phone  calls  and  scheduled  visits,  and  that 
knowledge  will  help  business  processes  run 
more  smoothly. 

Before,  phone  use  records  were  difficult 
to  compile  because  they  were  kept  office  by 
office  within  each  PBX.  Now,  Bolick  says,  it’s 
easy  to  create  reports  across  all  offices. 

He  wanted  the  new  phone  system  to 
improve  business  continuity  plans  as  well, 
forwarding  calls  from  offices  closed  for  snow 
storms,  for  example. 

The  switchover  to  the  M5  service  was  done 
in  two  phases.  The  first  involved  five  trial 
offices  that  were  chosen  for  diversity  of  size, 
location  and  type  of  WAN  connection. 

Phase  two,  now  nearing  an  end,  calls  for 
cutting  over  two  or  three  offices  per  week. 
That  meant  starting  six  weeks  ahead  with 
prep  work  by  EIS  staff  to  upgrade  cabling  to 
Cat  5  or  better  as  needed  and  to  install  Power 
over  Ethernet  switches.  ■ 
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Outsourcing  IT  management: 
Is  the  time  right? 


THE  NEED  TO  REDUCE  COSTS  while 
being  more  productive  has  been  the 
primary  motivator  for  IT  departments 
to  selectively  outsource  IT  manage¬ 
ment  functions,  and  most  adopters 
find  it  does  more  than  save  money. 

IT  departments  today  are  under 
tremendous  pressure  not  just  to 
provide  uninterrupted  technology 
services,  but  also  to  do  everything 
from  enhance  customer  service  to 
help  take  market  share  from  competi¬ 
tors.  But  few  IT  departments  have  the 
manpower  or  skills  to  provide  the 
full  range  of  services  they  are  being 
asked  to  deliver,  hence  the  interest  in 
outsourcing  specific  tasks. 

Outsourcing  can  help  fill  the  gaps 
while  also  saving  money.  The  sav¬ 
ings  are  accomplished  in  many  ways,  including  reduced  downtime, 
access  to  experienced  experts  on  an  as-needed  basis,  streamlined 
procedures  and  the  overall  efficiencies  that  come  from  a  proactive 
approach  to  infrastructure  support.  Some  savings  reflect  harsh  real¬ 
ities.  A  manufacturer  in  the  Northeast,  for  example,  more  than  offset 
the  cost  of  a  $38,000  monthly  managed  services  fee  by  subtracting 
the  salaries,  benefits  and  training  of  seven  full-time  employees. 

Beyond  the  savings,  strategic  outsourcing  also  delivers  mea¬ 
surable  IT  productivity  gains  by  enabling  the  group  to  redeploy 
skilled  staff  from  mundane  tasks,  such  as  monitoring  routers  and 
resolving  user  problems,  to  strategic  projects  that 
use  their  core  competencies  to  directly  support 
business  initiatives. 

If  you  ask  a  CIO  what  his  job  is,  he’ll  tell  you  it’s  to 
serve  his  customers  better.  That’s  the  new  starting 
point.  Using  technology  to  better  serve  customers 
is  —  or  should  be  —  the  IT  department’s  core  com¬ 
petency,  and  this  is  where  it  should  focus  its  atten¬ 
tion,  not  on  routine  infrastructure  management. 

Your  CFO  will  tell  you  that  every  asset,  includ¬ 
ing  every  device  and  every  employee,  has  to  be 
allocated  to  a  source  of  revenue.  Outsourcing 
select  services  is  one  way  IT  departments  can  align 
themselves  with  growing  the  business. 

Some  of  the  reservations  people  have  about  out¬ 
sourcing  come  from  the  early  days  of  the  boom  in 
the  managed  services  market  when  start-ups  that 
were  little  more  than  two  guys  with  beepers  and  a 

►  See  Flood,  page  20 


THE  ANSWER:  NO  AND  YES.  Forrester 
research  is  a  proponent  of  what  we  call 
strategic  rightsourcing,  the  strategy  of 
carving  out  commodity  functions  that 
offer  little  business  advantage  and 
hiring  third  parties  to  perform  those 
functions. 

Performing  such  work  yourself  is 
economically  unviable.  This  differs 
from  traditional  outsourcing  because 
it  is  more  targeted,  standardized,  and 
governed  by  policies  and  provision¬ 
ing  that  are  more  flexible  to  change 
and  more  tightly  integrated  into  the 
internal  strategic  functions. 

IT  management  can  fit  the  targeted 
definition  for  commodity  candidates 
for  outsourcing  in  this  model  —  some 
functions  are  indeed  commodities, 
such  as  basic  infrastructure  monitoring  —  however,  many  are 
more  strategic  and  should  remain  in-house,  such  as  automation 
orchestration  and  service  portfolio  management. 

Furthermore,  the  interfaces  that  bind  the  many  functions 
together  (human  or  software)  must  be  strong  to  enable  manage¬ 
ment  outsourcing.  Unfortunately,  most  enterprises  have  interfaces 
that  are  fragile,  if  they  exist  at  all.  Overall  process  discipline  and 
the  integrated  orchestration  of  IT  services  must  improve  regard¬ 
less  of  any  sourcing  decisions. 

Functional  flaws  will  be  amplified  as  the  world  becomes  more 
dynamic  and  as  IT  embarks  upon  the  strong  man¬ 
date  to  become  more  entwined  with  business 
execution.  Fixing  these  flaws  internally  is  difficult. 
Handling  such  handoffs  with  third  parties  is  more 
complex.  If  you  can’t  do  it  internally,  you  will  never 
do  it  well  with  third  parties. 

IT  management  can  fit  the  targeted  definition 
for  commodity  candidates  for  outsourcing  in  this 
model,  but  be  careful  in  how  it  is  approached  and 
executed.  Some  management  functions  are  indeed 
commodities  (for  example,  basic  infrastructure 
monitoring  and  sometimes  the  service  desk),  how¬ 
ever,  many  are  more  strategic  and  should  remain 
in-house  (for  example,  overall  automation  orches¬ 
tration  and  service  portfolio  management). 

Weaknesses  in  negotiating  terms  and  condi¬ 
tions  as  well  as  service-level  agreements  will  kill 
any  outsourcing  relationship.  Indeed,  this  is  the 

►  See  O’Donnell, page 20 
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►  Flood ,  from  page  19 

couple  of  Wintel  servers,  jumped  into  the  market.  Surrendering 
control  of  information  services  to  this  early  wave  of  managed  ser¬ 
vice  providers  proved  to  be  a  bad  risk  on  many  counts. 

Those  days,  and  those  guys,  are  gone.  The  market  in  managed 
services  has  matured  and  become  increasingly  competitive.  Tech¬ 
nologically  and  fiscally  strong  outsourcing  providers  today  can  be 
trusted  with  your  information  services. 

Strategic  outsourcing  is  not  a  handoff.  It’s  a  partnership.  The  tech¬ 
nology  for  outsourcing  select  services  —  such  as  server  and  stor¬ 
age  back-ups,  e-mail  management,  security  and  help  desk  —  has 
evolved  to  keep  you  in  control  at  all  times.  The  ability  to  customize 
all  aspects  of  selected  services  gives  you  the  flexibility  to  develop 
coverage  that  fits  your  unique  situation  exactly,  and  then  change  the 
coverage  as  your  situation  changes. 

New  IT  service  management  tools,  for  example,  not  only  pro¬ 
vide  enhanced  portal  functionality  for  ticket  handling,  ticket 
timers  and  workflow,  but  also  allow  customers  to  apply  all  of  the 
ITIL  v3  best  practices  to  systems  they’re  supporting  on  their  own, 
essentially  delivering  state-of-the-art  service  management  effi¬ 
ciencies  right  out  of  the  box. 

It  may  have  taken  bad  economic  news  to  drive  some  IT  depart¬ 
ments  to  outsource  select  services  as  a  way  to  cut  costs.  But  the 
good  news  is  that  outsourcing  services  also  enables  IT  to  escape 
the  revolving  door  of  crisis-to-crisis  management.  Strategic  out¬ 
sourcing  offers  the  long-term  opportunity  to  gain  competitive 
advantage.  ■ 

Flood  is  president  and  CEO  of  Logicalis  in  Farmington  Hills, 

Mich.,  an  international  provider  of  integrated  information  and 
communications  technology  (ICT)  solutions  and  services. 


►  O’Donnell ,  from  page  19 

primary  reason  outsourcing  has  earned  such  a  poor  reputation. 
The  problem  is  not  with  the  outsourcers  as  much  as  with  custom¬ 
ers  that  lack  the  planning  and  execution  such  situations  demand. 
Ambiguity  favors  the  vendor,  not  the  customer.  Be  crystal  clear 
about  everything  and  plan  for  worst-case  scenarios. 

Automation  is  more  attractive  than  outsourcing.  If  a  commod¬ 
ity  function  can  be  automated,  following  that  path  is  usually  less 
painful  than  outsourcing  it.  You  can  retain  control,  execute  with 
confidence,  and  realize  significant  labor  savings. 

Unless  your  enterprise  is  very  small,  do  not  contract  anyone  to 
perform  monitoring  and  data  collection  (for  example  CMDB)  in 
a  fully  remote  model.  Such  architectures  will  require  privileged 
access  to  many  of  your  resources  and  result  in  a  flood  of  data. 

A  hybrid  model  is  better,  with  some  type  of  instrumentation 
installed  on  your  premises  to  do  the  work  of  polling,  collection 
and  hopefully  some  processing.  The  best  way  to  implement  this  is 
via  a  self-contained  appliance.  The  remote  party  can  control  this 
appliance  and  manage  reporting  remotely. 

If  your  only  goal  for  outsourcing  is  to  save  money,  you  will  be 
disappointed.  Almost  all  who  pursue  this  myopic  approach  spend 
more  in  the  end.  Out-of-scope  work  adds  up  and  vendor  manage¬ 
ment  costs  are  usually  underestimated. 

Outsourcing  IT  management  can  be  beneficial,  but  it  isn’t  the 
cure-all  that  many  suppliers  profess  and,  if  you  get  it  wrong,  the 
results  can  be  devastating.  Proper  planning  and  preparation  will 
mean  the  difference  between  success  and  failure.  ■ 

O'Donnell  is  a  senior  analyst  at  Forrester  Research,  where  he 
serves  infrastructure  and  operations  professionals.  He  will  be 
speaking  at  Forrester's  IT  Forum,  May  26-28,  in  Las  Vegas. 


Why  Do  Anything? 

©  Why  work  on  the  strategic  initiatives? 
Can't  you  get  cost  savings  and  innova¬ 
tions  by  outsourcing  that  too?  Why  keep 
core  business  operations  in  house?  They 
can  all  be  done  better  and  cheaper  by 
someone  else.  Let's  outsource  the  people 
who  write  article’s about  outsourcing. 
Let's  outsource  our  government.  Let's 
outsource  our  schools,  the  fire  depart¬ 
ments,  the  libraries,  the  health  care 
system,  our  banking,  our  parenting 
responsibilities,  etc.  What  do  we  really 
have  in  business  or  society  anymore  that 
we  can't  simply  outsource  and  make 
someone  else's  problem?  -  ANON 

But  wait  a  minute... 

©  Why  do  companies  use  virtualization 
technology?  Because  hardware  dedicated 
to  a  single  purpose  is  underutilized.  When 
you  can  fully  utilize  a  given  resource,  you'll 


find  that  you  probably  need  fewer  of 
them  to  carry  the  load  than  you  would 
partially  utilizing  many  resources.  Is 
every  single  IT  guy  at  every  small  to 
mid-sized  company  utilized  at  100%? 
Absolutely  not.  There  is  a  lot  of  spare 
capacity  that  *could*  be  used  to  service 
more  than  one  company’s  needs.  In  the 
process,  they  could  much  more  quickly 
develop  best  practices  and  do  a  better 
job  with  better  information  and  empirical 
evidence  than  you  could  obtain  on  your 
own  with  in-house  staff.  It's  an  idea  that 
has  merit.  As  with  anything,  it  will  only 
work  well  if  it  is  managed  well.  —  ANON 

On  the  ground  floor 

©  I  have  seen  and  been  a  part  of  many 
outsourcing  situations  on  both  sides  and 
I  can  say  about  90%  of  the  time  it's  a 
complete  sham.  Outsourcing  is  very  suc¬ 
cessful  when  the  jobs  or  processes  you 
are  outsourcing  are  very  mature,  repeat- 


able  and  measurable.  These  are  com¬ 
moditized  services  that  are  very  easy  to 
outsource  to  save  costs,  free  up  resourc¬ 
es  and  so  on.  Little  known  fact:  technol¬ 
ogy  services  are  NOT  a  commodity  until 
you  invest  to  make  them  one.  Unfortu¬ 
nately  outsourcing  is  usually  a  tool  to  cut 
costs  without  thought,  an  attempt  to  buy 
maturity  or  simply  a  way  for  management 
not  to  be  accountable.  I  have  seen  many 
businesses  get  stale  because  customers 
are  furious  they  are  not  getting  results, 
but  executives  hide  behind  their  SLAs 
that  the  business  never  truly  understood. 
Those  SLAs  are  usually  created  by  or  with 
much  input  from  the  vendor  providing 
service  so  it  is  rare  the  SLA  is  breached. 
Since  the  numbers  show  “success."  you 
become  locked  in  no  matter  how  much 
actual  pain  the  business  is  feeling.  Failure 
is  swept  under  the  rug  until  business 
management  gets  frustrated  enough 
to  make  a  change.  You  can  outsource 
responsibility,  but  not  accountability  and 
it  will  come  back  to  you  eventually.  -  DJC 
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VA  disconnects  Sprint’s  voice,  data  services 


BY  CAROLYN  DUFFY-MARSAN 

THE  U.S.  Department  of  Veterans’  Affairs 
will  complete  a  major  network  transition  this 
fall,  migrating  from  Sprint  as  its  primary  ser¬ 
vice  provider  to  a  new  architecture  that  splits 
telecom  traffic  across  three  other  carriers: 
AT&T,  Qwest  and  Verizon. 

The  migration  is  significant  given  the  size 
of  VA’s  network,  which  links  more  than  150 
hospitals,  780  outpatient  clinics  and  regional 
offices  around  the  country.  The  network  sup¬ 
ports  high-bandwidth,  high-security  applica¬ 
tions  used  by  VA’s  300,000-plus  employees. 

The  VA’s  network  migration  is  a  sign  of 
the  times  for  federal  agencies,  which  are  in 
the  process  of  transitioning  from  the  expir¬ 
ing  FTS2001  telecom  contracts  to  Networx,  a 
10-year,  $20  billion  program  offering  cutting- 
edge  voice,  data,  video  and  wireless  services. 

While  the  VA  is  near  completion  on  its 
network  overhaul,  many  other  federal  agen¬ 
cies  are  behind  schedule  in  migrating  from 
FTS2001  to  Networx.  The  issue  is  attract¬ 
ing  the  attention  of  the  House  Oversight  and 
Government  Reform  Committee,  whose  chair 
said  that  62%  of  the  Networx  transition  effort 
is  incomplete.  The  committee  plans  to  hold  a 
hearing  on  Networx  migration  issues  in  May. 

With  demand  for  capacity  growing  at  a  clip 
of  6%  a  month,  the  VA’s  network  is  at  the  heart 
of  the  agency’s  mission  of  providing  health¬ 
care  and  other  benefits  to  an  estimated  23  mil¬ 
lion  U.S.  veterans.  The  network’s  key  appli¬ 
cation  is  the  VA’s  electronic  medical  records 
system  known  as  VISTA. 

The  VA  chose  to  do  a  like-for-like  network 
transition  using  the  Networx  Universal  con¬ 
tract,  which  is  held  by  AT&T,  Qwest  and  Veri¬ 
zon.  Sprint,  the  VA’s  incumbent  carrier,  was 
the  only  bidder  that  lost  Networx  Universal 
in  2007. 

The  VA  -ended  up  with  multiple  carriers 
because  it  split  its  network  services  into  three 
categories  (see  graphic)  and  bid  each  one  sepa¬ 
rately  under  Networx  Universal. 

The  VA  has  not  experienced  any  network 
outages  related  to  its  Networx  transition, 
says  Dave  Cheplick,  a  director  within  the  VA’s 
Office  of  Information  and  Technology. 

Cheplick  says  one  key  to  having  the  migra¬ 
tion  go  so  smoothly  is  having  a  solid  inven¬ 
tory  of  its  network  services.  “The  better  your 
inventory  is  across  the  entire  enterprise,  the 
better  able  you  are  to  make  determinations  of 
how  to  scope  your  level  of  effort  to  ensure  you 
are  getting  the  best  value  in  obtaining  services 
from  the  carriers,”  he  says. 

Because  its  network  is  so  big  and  complex, 


The  VA’s  network 
service  breakdown 

■  Wide-area  network  was  awarded  to 
AT&T  for  an  estimated  $120  million. 

■  Toll-free  and  inbound/outbound 
voice  services  were  awarded  to 
Qwest.  This  deal  was  estimated  at 
$60  million  in  2008. 

■  Call-center  services  were  awarded 
to  Verizon  in  a  deal  estimated  at  $21 
million. 

■  Software  for  managing  physical 
and  virtual  systems,  network  and 
security  configuration,  and  monitor¬ 
ing  and  troubleshooting;  services  for 
support,  education,  network  con¬ 
sulting  and  account  management. 


the  VA  chose  to  do  a  like-for-like  network 
transition  and  then  upgrade  technology  after¬ 
wards.  Cheplick  says  other  network  operators 
may  be  able  to  switch  carriers  and  handle  net¬ 
work  upgrades  and  optimization  in  one  step. 

“We  were  not  ready  to  make  a  decision 
about  full  VoIP  implementation,  therefore  we 
stayed  like-for-like  in  terms  of  capabilities,” 
Cheplick  explains. 

The  VA  says  it  is  reaping  the  benefits  of  the 
lower  prices  on  Networx,  which  is  helping  off¬ 
set  the  cost  of  growing  network  capacity. 

“When  you  break  up  large  telecom  packages 
into  smaller  services  and  components,  you 
should  be  getting  a  better  deal,  ”  says  Ray  Bj ork- 
lund,  senior  vice  president  of  Fed  Sources.  “You 
have  to  trade  that  off  against  what  possible 
impact  it’s  going  to  create  on  your  oversight 
and  contract  management  downstream.  But  it 
may  make  more  sense  economically  and  prob¬ 
ably  in  contractor  performance.” 

Biggest  loser:  Sprint 

The  biggest  loser  in  the  VA’s  transition  from 
FTS2001  to  Networx  is  Sprint.  Losing  federal 
business  such  as  the  VA’s  has  contributed  to 
Sprint’s  losses  over  the  last  three  years. 

The  VA  had  Sprint  as  its  sole  carrier  from 
the  late  1990s  until  2007,  when  the  agency 
began  moving  to  a  multi-carrier  strategy  to 
improve  its  network  redundancy  and  reliabil¬ 
ity.  That’s  when  VA  awarded  AT&T  a  contract 
for  MPLS-  based  data  services. 

By  this  fall,  the  agency  will  quit  using  Sprint 
altogether  for  wireline  services. 


Cheplick  says  the  VA  has  taken  two  years 
to  migrate  to  the  Networx  contract  because  its 
network  is  so  big. 

“It’s  10  years  worth  of  inventory,”  Cheplick 
says.  “If  you’re  doing  a  physical  transition 
from  one  carrier  to  another,  there  are  work¬ 
load  issues.  T-ls  take  60  days  to  order,  DS-3s 
take  90  days,  and  OC-3s  can  take  120  days  or 
more.  Just  making  sure  you’ve  got  all  of  that 
lined  up  so  the  carriers  can  work  on  it  takes 
a  while.” 

Cheplick  says  the  VA  has  migrated  1,300 
WAN  circuits  from  Sprint  to  AT&T  or  Qwest, 
with  just  200  left  to  be  transitioned.  “We 
expect  that  to  be  complete  sometime  in  the 
July  timeframe,”  he  says. 

In  terms  of  voice  services,  the  VA  has  tran¬ 
sitioned  200,000  lines  from  Sprint  over  to 
Qwest.  “It  is  our  expectation  that  we  will  com¬ 
plete  transition  of  our  voice  services  from 
Sprint  over  to  Qwest  in  the  September/Octo¬ 
ber  time  frame,  and  then  we  will  proceed  with 
the  remaining  disconnect  orders  that  need  to 
be  processed  through  the  fall  of  2010,”  Chep¬ 
lick  says. 

Sprint  says  VA  will  remain  “a  very  sub¬ 
stantial  customer”  for  its  wireless  services, 
which  the  agency  has  not  yet  migrated  to  the 
Networx  contract.  ■ 


►  Symantec,  from  page  12 
that  left  it  at  a  disadvantage  in  its  competi¬ 
tion  with  McAfee,”  Trussell  says,  adding, 
“Our  data  indicates  that  the  enterprise 
community  is  ripe  for  a  viable  alterna¬ 
tive  to  token-based  systems.  This  would 
also  serve  well  in  a  cloud-based  service 
environment.” 

DeSouza  says  about  900  employees 
from  VeriSign  are  expected  to  join  Syman¬ 
tec’s  enterprise  security  team.  While  PGP 
and  VeriSign  are  both  in  the  PKI  business, 
VeriSign’s  focus  is  on  hosted  PKI  and 
authentication,  deSouza  says. 

The  strategy  in  the  VeriSign  acquisition 
is  to  further  “identity-aware”  security,  he 
says.  “The  certificate  becomes  a  foundation 
for  identity.” 

The  VeriSign  certificate  services  match 
up  well  with  Symantec’s  Critical  System 
Protection  for  hardening  client  and  server 
installations  and  Protection  Suite  for 
Servers,  Symantec  is  eager  to  point  out. 
Symantec  appears  ready  to  embark  on 
many  projects  in  the  future  to  show  how 
PKI  and  certificate-based  authentication 
services  can  be  used  in  novel  ways.  ■ 
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►  Juniper,  from  page  1 

ports”  vs.  enabling  server-to-server  interaction, 
he  said.  “It’s  slow.” 

So  Juniper  needs  to  deliver  sooner  rather 
than  later  on  the  bold  pronouncements  it 
made  last  week,  last  fall  at  customer  site  New 
York  Stock  Exchange  and  over  a  year  ago  at 
the  Stratus  launch. 

Early  signs  are  promising.  One  example: 
Juniper  beat  Cisco  in  landing  the  NYSE 
account,  a  demanding  environment  in  which 
latency  cannot  be  tolerated  when  billions  of 
stock  market  trades  are  executed  daily. 

Juniper,  well  known  as  the  No.  2  vendor 
behind  Cisco  of  routers  to  service  providers, 
has  been  gaining  steam  in  enterprise  routers 
and  switches  as  well.  In  enterprise  routers, 
Juniper  is  No.  2  to  Cisco,  albeit  a  distant  sec¬ 
ond,  with  5%  share  of  the  $790  million  world- 


Data  center  deluge 


wide  market  in  the  fourth  quarter  of  2009 
compared  with  Cisco’s  83%,  according  to 
Dell’Oro  Group.  HP/3Com  was  third  at  3%. 

In  Ethernet  switches.  Juniper  has  steadily 
been  building  market  share  since  entering 
the  business  in  early  2008.  Its  share  climbed 
from  0.3%  in  2008  to  1.2%  in  2009,  according 
to  Dell’Oro,  allowingjuniper  to  surpass  long¬ 
time  player  Enterasys  and  Blade  Network 
Technologies,  while  catching  up  to  Extreme 
Networks  and  Huawei.  Cisco  still  has  a  hold 
on  market  leadership,  with  about  70%  share. 

Juniper  seeks  to  make  more  headway  by 
addressing  what  it  sees  as  a  need  for  a  new  net¬ 
work  architecture  optimized  for  virtualized 
data  centers  —  an  architecture  that  increases 


performance  while  reducing  costs,  and  facili¬ 
tates  more  server-to-server  —  rather  than 
switch-to-switch  —  interaction.  At  the  heart  of 
this  architecture  is  a  reduction  in  the  layers  of 
networking  in  the  data  center,  from  three  lay¬ 
ers  —  access,  aggregation  and  core  —  to  two 
and  then  eventually  to  one,  and  that’s  where 
Juniper  is  headed  with  its  Project  Stratus.  Juni¬ 
per  says  that  $1  billion  of  the  $4.8  billion  spent 
on  data  center  switching  is  for  aggregation  — 
the  layer  Juniper  seeks  to  extract. 

“It’s  clear  to  the  industry  that,  because  of 
server  virtualization,  a  new  network  needs  to 
emerge,”  says  Cindy  Borovick,  a  data  center 
analyst  at  IDC.  Juniper’s  announcement  “is  a 
reaffirmation  of  that,  with  proof  points.” 

Juniper  last  week  announced  products  that 
can  deliver  a  two-tier  data  center  architecture 
this  year:  a  48-port  10G  Ethernet  top-of-rack 


switch,  a  40-port  10G  Ethernet  module  for 
the  chassis-based  EX  8200  core  switch  and  an 
Ethernet  router  for  interconnecting  data  cen¬ 
ters  with  ASICs  tuned  for  high-performance 
support  of  virtualization,  server/storage/net- 
work  convergence  and  lossless  Ethernet. 

ASICs  and  Junos  software  in  all  of  the  new 
products  are  designed  to  support  FibreChan- 
nel-over-Ethernet  (FCoE)  for  storage/net¬ 
work  convergence.  Junos  will  have  FCoE- 
specifie  hooks  in  it  in  the  second  half  of  this 
year,  Juniper  says. 

Juniper  says  the  top-of-rack  EX  4500  has 
one-fifth  of  the  latency  and  22%  lower  cost 
than  Cisco’s  Nexus  5000.  The  EX  4500  is 
also  Converged  Enhanced  Ethernet  (CEE) 


and  Data  Center  Bridging  (DCB)  “capable,” 
and  44%  more  power  efficient  than  Cisco’s 
Nexus  5000,  Juniper  says. 

CEE  and  DCB  are  emerging  technologies 
and  standards  for  making  Ethernet  a  lossless 
fabric  for  the  data  center,  capable  of  support¬ 
ing  storage  traffic  —  such  as  Fibre  Channel  — 
for  converged  storage  and  server  access. 

Juniper  also  unveiled  a  40-port  10G  Eth¬ 
ernet  line  card  for  its  EX  8200  core  switch. 
This  will  position  the  8200  as  an  end-of-row 
switch  for  aggregating  multiple  10G  links 
from  servers  and  server  switches. 

The  new  router  is  the  MX  80  3D  Ethernet 
edge  services  router.  It  incorporates  the  Trio 
chipset  that’s  designed  to  dynamically  and 
simultaneously  support  more  subscribers, 
services  and  bandwidth. 

The  MX  80  3D  is  designed  for  virtual 
machine  mobility  between  data  centers  inter¬ 
connected  by  Ethernet  Virtual  Private  LAN 
Services  (VPLS).  VPLS  provides  a  single 
Layer  2  domain  between  these  data  centers. 

This  will  compete  with  Cisco  Overlay 
Transport  Virtualization  data  center  inter¬ 
connect  technology.  Juniper  also  says  the 
new  MX  80  3D  Ethernet  router  takes 
up  half  the  power  and  space  of  Cisco’s 
ASR  1004,  while  providing  an  eight¬ 
fold  improvement  in  performance. 

Cisco  declined  to  comment  on  the 
Juniper  announcement. 

But  key  to  flattening  the  network  architec¬ 
ture  is  Juniper’s  Virtual  Chassis  technology. 
Currently,  Virtual  Chassis  allows  as  many  as 
10  of  Juniper 's  fixed  configuration  EX  switches 
to  be  connected  into  a  virtual  switch  that  sup¬ 
ports  hundreds  of  Gigabit  Ethernet  ports. 

This  will  alleviate  the  three-tier  architec¬ 
ture  requirement  for  an  aggregation  layer 
made  up  of  several  modular  switches  collect¬ 
ing  links  from  switches  in  the  server  racks  so 
that  fatter  and  fewer  pipes  can  run  into  and 
out  of  the  data  center  core.  Virtual  Chassis 
will  be  added  to  the  EX  8200  line  in  the  first 
half  of  2011.  It  is  also  expected  to  be  available 
on  the  EX  4500  in  early  2011  and  on  the  MX 
80  3D  in  the  second  half  of  2011. 

Coincidentally,  the  first  deliverable  from 
Stratus  will  be  in  the  first  half  of  2011.  As 
Virtual  Chassis  spreads  out  across  more  of 
Juniper’s  product  line,  expect  to  see  more 
tangible  Stratus  products  and  deliverables 
emerge.  Stratus  will  essentially  be  a  scaled- 
out  Virtual  Chassis  architecture  capable  of 
supporting  thousands  of  servers  and  flatten¬ 
ing  the  EX  and  MX  architecture  to  look  like  a 
single  Ethernet  routing  switch. 

But  analysts  expect  Cisco  to  counter. 

“Our  checks  suggest  Cisco  is  working  on  its 
own  Virtual  Chassis  technology  to  address 
Juniper’s  marketing  edge,”  states  Oppen- 
heimer  &  Co.  Analyst  IttaiKidron.  ■ 


Juniper’s  new  switch,  router,  software  and  services  lineup 


EX  4500:  a  48-port  10G 
Ethernet  top-of-rack 
switch,  with  support  for 
Virtual  Chassis  capa¬ 
bilities  in  2011.  Converged 
Enhanced  Ethernet  and  Data 
Center  Bridging  "capable.” 

40-port  10G  Ethernet  module  for  the  chassis-based  EX  8200  core  switch:  This  will 
position  the  8200  as  an  end-of-row  switch  for  aggregating  multiple  10G  links  from 
servers  and  server  switches.  Support  for  Virtual  Chassis  first  half  of  2011. 

MX  80  3D:  an  Ethernet  router  for  interconnecting  data  centers;  ASICs  tuned  for  high- 
performance  support  of  virtualization,  server/storage/network  convergence,  and 
lossless  Ethernet.  Support  for  Virtual  Chassis  in  second  half  of  2011. 

Software  for  managing  physical  and  virtual  systems,  network  and  security  configura¬ 
tion,  and  monitoring  and  troubleshooting;  services  for  support,  education,  network 
consulting  and  account  management. 
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Why  Attend? 

You  will  get  answers  to  your  most  pressing  questions, 

such  as: 

>•  What  is  the  business  case  and  business  value  of 
different  cloud  models? 

>►  How  do  I  choose  what  to  move  to  the  cloud,  and 
then  how  do  I  do  it? 

>  What  do  my  industry  colleagues  cloud 
implementations  look  like,  and  how  and  why 
did  they  make  the  choices  they  did? 

>  What  are  my  key  vendors  doing  to  advance  cloud 
security  and  interoperability? 

>  How  are  my  peers  overcoming  any  concerns  about 
security  and  compliance? 

>  What  should  I  be  doing  now  to  prepare  my  team  for 
this  new  world? 
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TESTING-BASED  FEATURE 


NAC:  What  went  wrong? 

After  five  years,  still  no  easy  way  for  IT  managers  to  achieve  network  access  control 


BYJOELSNYDER 


After  spending  four 
months  in  the  lab  test¬ 
ing  the  12  leading  net¬ 
work  access  control 
products,  we’ve  come 
to  this  conclusion:  Five  years  of 
hype,  buzzwords,  white  papers, 
product  launches,  standards  battles 
and  vendor  shakeouts  have  resulted 
in  very  little  in  the  way  of  clarity. 
Agreement  on  what  NAC  really 
means  and  the  right  approach  to 
NAC  remain  as  elusive  today  as  in 
2005,  when  the  first  NAC  products 
burst  on  the  scene. 

Our  head-to-head  comparison 
of  specific  NAC  products  from 
industry  heavyweights  such 
as  Microsoft,  Cisco,  HP,  Juni¬ 
per,  McAfee,  and  Symantec,  will 
appear  in  the  June  21  issue  of 
Network  World.  In  this  report,  we 
analyze  the  barriers  that  have 
impeded  the  deployment  of  NAC 
within  enterprise  networks. 

Network  access  control,  which 
we’re  defining  as  a  combination 
of  authentication,  end-point  secu¬ 
rity  checking  and  access  control,  emerged  in 
response  to  the  problem  of  mobile  users  plug¬ 
ging  infected  laptops  back  into  the  enterprise 
network.  NAC  was  intended  to  solve  real 
problems  and  answer  real  questions:  who  is 
connecting  to  my  network?  Are  they  healthy? 
Can  I  control  where  they  go?  Can  I  shut  them 
off  if  they  misbehave? 

Typically  in  our  industry,  products  tend 
to  coalesce  over  time  towards  common 
approaches  and  common  feature  sets.  For 
example,  today’s  Ethernet  switches  from  dif¬ 
ferent  vendors  are  largely  substitutable.  Swap 
out  an  HP  ProCurve  switch  for  Enterasys  and 
the  switch  is  probably  going  to  work  in  your 
network.  But  NAC  hasn’t  worked  out  that 
way.  The  products  bear  very  little  similarity 
to  each  other.  With  very  close  inspection,  a 
network  manager  might  be  able  to  find  two 
or  three  products  that  can  be  compared  head- 
to-head.  But  finding  comparable  products  is 
difficult,  and  doing  so  pre-supposes  that  the 
network  manager  already  knows  the  feature 
set  and  capabilities  that  he  wants. 

There’s  no  such  thing  as  “best  of  breed”  in 
NAC,  because  for  the  12  vendors  we  evaluated, 
there  are  nearly  12  different  “breeds”  of  NAC 
product. 


BARRIER  NO.  1 

Politics  gets  in  the  way 

A  particularly  difficult  issue  is  finding  a  prod¬ 
uct  that  will  be  compatible  both  politically  and 
technically  with  the  network.  Because  NAC 
combines  features  of  security,  network  man¬ 
agement  and  desktop  management,  a  NAC 
deployment  faces  significant  organizational 
challenges  on  top  of  any  technical  challenges. 

To  accommodate  this,  NAC  vendors  often 
build  their  products  to  minimize  the  need  for 
cross-team  cooperation,  usually  by  making 
significant  compromises.  However,  every  NAC 
vendor  makes  these  compromises  in  different 
places,  and  to  different  degrees.  Symantec’s 
NAC  offering  is  focused  on  the  desktop  team, 
while  HP’s  NAC  product  can  be  installed,  con¬ 
figured  and  managed  by  the  network  team. 

All  this  adds  up  to  a  significant  barrier  for 
network  managers  who  want  to  deploy  NAC. 
Forget  the  cost  of  the  products  —  just  figur¬ 
ing  out  which  product  will  do  the  job  that’s 
needed,  and  whether  the  product  can  be  made 
to  work  in  the  organization,  is  significantly 
more  difficult  and  time  consuming  with  NAC 
than  with  switches,  firewalls  or  servers. 


BARRIER  NO.  2 

Too  many  vendor  variations 


NAC’s  three  components  are 
authentication,  endpoint  secu¬ 
rity  and  access  control,  but 
vendors  tend  to  deliver  NAC 
products  based  on  their  strong 
suits.  This  means  NAC  prod¬ 
ucts  tend  to  focus  on  one  of 
those  three  components,  often 
ignoring  the  other  two.  When 
McAfee  approaches  NAC,  it 
does  so  from  the  context  of 
their  own  end-point  security 
management  product,  ePolicy 
Orchestrator.  But  Juniper 
approaches  NAC  from  the 
context  of  its  network  security 
components:  firewalls  and,  to 
some  extent,  switches. 

The  broad  variation  in  prod¬ 
ucts  is  due  to  disagreement 
on  the  best  way  to  reach  the 
final  goal.  The  problem  with 
this  lack  of  consensus  is  that  it 
causes  confusion  for  those  who 
are  interested  in  adding  NAC 
capabilities  to  their  network. 
For  example,  is  authentication 
important  or  isn’t  it? 

If  you  ask  Forescout,  the 
answer  is  “no;”  its  product 
barely  supports  user  authentication.  Is  access 
control  important?  If  you  ask  Bradford,  the 
answer  is  “no;”  its  product  is  focused  on  iden¬ 
tifying  devices  and  putting  them  on  different 
virtual  LANs  (VLAN),  not  on  differentiating 
users  and  controlling  their  access.  And  if  you 
want  to  know  if  endpoint  security  is  important, 
don’t  ask  HP;  its  NAC  product  doesn’t  even 
support  endpoint  security  checking  out-of- 
the-box  —  you  have  to  go  to  a  third-party  part¬ 
ner  to  pick  up  this  capability. 

Of  course,  each  of  the  NAC  vendors  has 
shoe-horned  in  bits  and  pieces  so  that  they 
can  check-mark  all  of  the  significant  features 
they  find  in  NAC  RFPs  and  tenders.  But  in 
our  testing,  it  was  very  clear  that  many  of 
these  features  were  fundamentally  at  odds 
with  the  core  product  architecture. 

With  so  little  agreement  from  major  NAC 
vendors,  network  managers  are  in  a  tough 
spot  trying  to  figure  out  whether  NAC  brings 
them  any  real  value  or  is  worth  the  headache 
of  procurement  and  deployment. 


BARRIER  NO.  3 

Interoperability  woes 

When  Network  World  tested  NAC  products 
head-to-head  in  2007,  we  had  to  break  our  tests 
up  into  separate  parts.  One  test  looked  at  two 
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NAC  frameworks  (Cisco  and  Trusted  Comput¬ 
ing  Group)  and  30  products  that  worked  in 
those  frameworks.  The  other  test  looked  at  13 
stand-alone  NAC  solutions.  We  had  predicted 
that  by  this  time,  the  frameworks  would  have 
unified  and  all  NAC  products  would  support 
them  to  one  extent  or  another. 

Unfortunately,  the  products  that  were 
resolutely  stand-alone  in  2007  are  just  as 
resolutely  stand-alone  in  2010.  This  year,  we 
looked  at  seven  of  the  13  stand- alones  from 
2007,  and  only  one  of  them  (Juniper)  has 
made  a  significant  move  towards  standards 
compliance.  (Three  of  the  companies  have 
gone  out  of  business,  two  no  longer  market 
their  endpoint  security  products  as  NAC,  and 
one  declined  to  participate.) 

Even  old  standards,  such  as  IEEE  802.1X, 
have  not  achieved  full  support  in  many  NAC 
products.  While  we  found  some  products 
that  enthusiastically  take  an  open  standards 
approach  to  NAC  using  802.1X,  others  have 
802.1X  support  as  an  afterthought. 

This  adds  up  to  a  lack  of  interoperability 
between  NAC  solutions  and  network  infra¬ 
structure.  Each  NAC  vendor  has  a  preferred  set 
of  other  security  products  they  work  with,  and 
if  you  try  and  bring  different  products  into  the 
mix,  you  may  find  your  NAC  deployment  can’t 
or  won’t  support  these  changes.  The  result  is  a 
strange  sort  of  vendor  lock-in:  your  NAC  prod¬ 
uct  may  restrict  you  from  making  changes  in 
the  network  switching  products  you  use,  your 
authentication  infrastructure,  and  what  end¬ 
point  security  product  you  install. 

With  only  a  few  products  really  taking  stan- 
dards-based  approaches  to  heart,  it’s  clear  that 


NAC  has  a  long  way  to  go  before  network  man¬ 
agers  will  have  a  true  plug-and-play  solution. 

BARRIER  NO.  4 

Deployment  difficulties 

One  perennial  struggle  for  NAC  vendors  has 
been  the  difficulty  of  deployment.  Although 
many  NAC  products  we  tested  are  designed 
to  allow  gradual  installation  across  enter¬ 
prise  networks,  getting  even  a  single  port 
protected  by  NAC  can  be  a  lengthy  process. 
More  importantly,  the  installation  of  NAC 
can  include  many  significant  decision  points 
—  and  if  those  decisions  are  changed  down  the 
line,  the  entire  deployment  may  have  to  be 
restarted.  Simple  questions,  such  as  “how  am 
I  going  to  do  authentication?”  or  “what  mecha¬ 
nism  will  I  use  for  access  control?”  are  difficult 
to  answer  confidently  without  some  in-the- 
trenches  experience  —  yet  must  be  decided 
before  you  can  even  start  rolling  out  NAC. 

Our  experience  is  indicative  of  the  problem 
facing  network  managers.  Only  one  of  the  12 
products  could  be  installed  and  operational 
within  a  single  day  in  our  small  test  network. 
Most  took  between  two  and  five  days  to  get 
fully  operational  across  a  handful  of  switches 
and  subnets.  When  it  takes  that  long  to  get 
NAC  installed  in  the  test  lab,  network-wide 
rollout  will  be  even  more  time  consuming. 

Network  managers  may  find  day-to-day 
operation  and  debugging  of  their  NAC  prod¬ 
ucts  to  be  challenging.  Most  NAC  products 
work  by  interacting  with  network  devices  to 
change  VLANs  or  apply  access  control  lists  to 
individual  ports  on  switches.  Network  opera¬ 
tions  teams  will  have  to  learn  how  to  discover 


and  manipulate  this  dynam  ic  information  from 
their  devices.  Although  switch  manufacturers 
have  made  progress  in  simplifying  NAC  debug¬ 
ging,  not  everyone  has  the  latest  hardware  and 
software  throughout  their  network. 

When  NAC  products  are  in-line,  this  rep¬ 
resents  another  operational  challenge,  as 
network  teams  now  have  a  new  device  to 
learn  how  to  manage  and  debug.  And  the 
worst  case  for  debugging  is  in  products  that 
accomplish  access  control  by  manipulating 
protocol  elements  such  as  ARP  tables  (Trust- 
wave  NAC)  or  by  injecting  protocol  manage¬ 
ment  messages  into  the  network  (Forescout 
NAC).  Since  the  behaviors  these  products  are 
exploiting  are  never  supposed  to  happen  in 
normal  operation,  there  are  no  easy  ways  to 
debug  them  when  they  are  misbehaving. 

BARRIER  NO.  5 

Hidden  scalability  issues 

One  of  the  bright  signs  that  came  out  of  our 
testing  is  the  relative  lack  of  scalability  and 
availability  issues.  In  previous  NAC  testing, 
we  uncovered  performance  problems  caused 
by  tunneling  too  much  traffic  through  a  single 
control  point.  Early  NAC  products  were  often 
entirely  in-line,  meaning  that  you  had  to  buy 
a  new  appliance  or  device  of  some  sort  that  sat 
in  between  devices  you  were  controlling  and 
the  rest  of  the  network. 

For  scalability  across  a  full  enterprise  net¬ 
work,  most  network  managers  agree  that 
enforcement  at  the  edge  of  the  network  is 
required.  The  products  we  tested  have  done 
away  with  the  requirement  for  a  full  in-line 
deployment  and  are  now  able  to  do  their  work 


Standards  wars  end,  replaced  by  uneasy  truce 

Trusted  Computing  Group  leads  effort  to  certify  NAC  products. 


The  Trusted  Computing  Group’s  Trusted  Network  Connect 
is  an  industry-supported  working  group  developing  NAC 
architecture  documents  and  standards.  The  first  public 
documents  came  out  of  TCG's  TNC  in  2005  after  a  year  of  work, 
and  the  group  has  continued  to  publish  NAC  standards  and  fill  out 
its  NAC  architecture  every  year. 

One  of  the  main  attributes  of  the  TNC  architecture  for  NAC  is 
that  it  combined  authentication  and  endpoint  security  posture 
checking  into  a  single  unified  protocol.  TNC  defined  the  protocol 
to  run  over  802.1X  (most  useful  in  a  one-device-per-switch-port 
or  wireless  environment)  as  well  as  SSL  (useful  in  more  generic 
environments,  such  as  over  VPN  tunnels  or  in  routed  networks 
where  switch  management  is  undesirable). 

When  Microsoft  released  Windows  Server  2008,  the  Microsoft 
NAP  (Network  Access  Protection)  and  TNC  NAC  protocols  were 
linked  so  that  Windows  Vista,  Windows  XP  (with  service  pack  3, 
which  includes  the  NAC  client),  and  Windows  7  are  all  interoper¬ 
able  with  products  that  follow  the  TNC  NAC  protocols. 

This  gave  TNC  significant  legitimacy,  because  it  means  that 
every  contemporary  Windows  client  is  now  “TNC  compatible”  out 
of  the  box. 

When  TNC  first  started,  Cisco  refused  to  participate,  insisting 


instead  that  work  should  take  place  in  the  IETF.  This  led  to  the 
founding  of  the  IETF  Network  Endpoint  Assessment  (NEA)  work¬ 
ing  group.  Slowly,  NEA  has  built  its  own  NAC  architecture  and 
protocols,  and  released  three  RFCs.  All  the  NEA  work  is  being 
closely  linked  to  the  TNC  work,  so  that  the  RFCs  are  compatible 
with  the  TNC  protocol  specifications. 

Last  month,  TNC  announced  a  certification  program,  which  will 
allow  participating  vendors  to  receive  a  stamp  of  approval  verifying 
that  their  products  implement  the  TNC  protocols  correctly,  and  that 
their  products  are  interoperable  with  other  certified  products. 

The  work  of  the  TNC  is  important  for  two  key  reasons.  First,  it 
represents  the  main  path  forward  for  interoperable  NAC  products. 

The  second  reason  is  that  these  architectures  are  designed  by 
security  and  network  experts  who  are  more  interested  in  solving 
problems  than  getting  a  product  to  market  quickly.  While  there  are 
always  commercial  interests  in  any  modern  standards  develop¬ 
ment,  network  managers  can  look  to  TNC  and  lETF-based  products 
with  some  confidence  that  the  primary  design  goal  was  security. 

The  standards  wars  that  were  so  inflammatory  five  years  ago 
have  settled  down  to  truce  on  all  sides,  and  technically  outstand¬ 
ing  solutions  from  the  best  minds  of  Cisco,  Microsoft  and  the 
members  of  the  TNC. 


www.networkworld.com  may  24,  2010  25 


> 


BY  REPLACING  PHYSICAL  SERVERS 

WITH  VIRTUAL  ONES 


Principal  Technical  Architect 

Cfris  Sfefei 

Kroll  Factual  Data 


i 

4 


CASE  STUDY:  Rrolt  FtcHnl 


Kroll  Factual  Data  of  Loveland,  Colorado,  is  a  longtime  provider  of 
information  services  to  the  mortgage  industry.  The  firm  wanted  to 
optimize  its  server  infrastructure  to  better  meet  spikes  in  demand  and 
reduce  data  center  costs.  Kroll  Factual  Data  virtualized  its  data  center 
using  Windows  Server  '  2008  and  Hyper-V™  technology,  consolidating 
650  servers  to  22.  It  further  streamlined  its  infrastructure  using 
Microsoft6'  System  Center  data  center  solutions  to  monitor  and  manage 
its  physical  and  virtual  landscape,  and  Microsoft  Visual  Studio1® 
development  tools  to  quickly  develop  applications. 


With  its  new  optimized  infrastructure,  the  company  can  grow  faster, 
scale  quickly  to  meet  customer  needs  and  dramatically  reduce  IT  costs. 
Kroll  Factual  Data  has  cut  annual  hardware  expenditures  by  tens  of 
thousands  of  dollars,  and  energy  costs  by  U.S.  $442,554  annually. 


To  download  the  case  study, 

snap  this  tag  or  text  VIRTUAL  to  21710* 

Get  the  free  app  for  your  phone  at  http://gettag.mobi 

‘Standard  messaging  and  data  charges  apply. 


To  read  the  full  case  study,  visit 

itseverybodysbusiness.com/virtua! 
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TESTING-BASED  FEATURE 


What’s  holding  NAC  back? 

Five  key  challenges  and  how  to  overcome  them 


Products  are  not 
easily  comparable 

Prepare  for  a  long  product  evaluation,  and  lots  of  products 
to  be  tested  before  you  shortlist.  Be  wary  of  including 
products  before  you  really  understand  how  they  work  and 
whether  they  will  fit  into  your  network  technically  and  your 
company  organizationally. 

Lack  of  agreement 
among  vendors  on 
what  is  important 
in  NAC 

Make  a  solid  business  case  for  NAC  before  starting 
product  selection  process.  Divide  NAC  into  three  areas  of 
authentication,  endpoint  security  and  access  controls,  and 
define  your  requirements  for  each  area. 

Standards  support 
among  NAC 
products  weak 

Decide  early  whether  you  require  802.1X  and  TCG  or 

IETF  support  in  your  NAC  product.  When  going  with  a 
non-standard  proprietary  approach,  be  very  careful  to  test 
products  with  all  your  equipment  at  all  revision  levels  to 
ensure  compatibility  and  interoperability. 

NAC  installation 
and  operation  can 
be  difficult 

Prepare  for  a  lengthy  testing  period.  Don’t  commit  to 
a  schedule  until  you’re  clear  on  the  scope  of  the  work 
involved.  Be  sure  to  account  for  time  to  train  network 
operations  teams  on  new  debugging  and  troubleshooting 
requirements. 

Scalability  and 
high  availability 
are  usually  not  a 
problem 

Coordinate  and  communicate  carefully  during  pre-sales 
product  sizing  to  be  sure  you  get  enough  devices  to  meet 
your  needs.  Test  any  product  that  polls  network  devices  to 
evaluate  the  projected  load  placed  on  older  switches. 

at  the  edge,  with  a  couple  of  caveats.  For  exam¬ 
ple,  McAfee’s  NAC  appliance  will  sit  in-line 
during  initial  authentication  and  endpoint 
security  checking  phases  of  the  connection, 
but  reconfigures  the  network  to  move  itself 
out  of  the  way  as  quickly  as  possible.  Juniper’s 
NAC  offers  both  in-line  and  edge  enforcement, 
giving  more  sophisticated  controls  when  an 
in-line  device  (a  Juniper  firewall)  is  used  than 
an  existing  edge  switch  can  provide.  Many 
NAC  offerings  continue  to  include  a  full  in-line 
option,  which  maybe  needed  in  some  environ¬ 
ments  (such  as  when  applying  NAC  controls  to 
a  WAN,  VPN  or  wireless  network). 

Although  we  didn’t  test  high  availability, 
we  did  examine  the  architecture  each  vendor 
offered  to  ensure  continued  operation  in  the 
face  of  different  types  of  failure,  and  found  that 
everyone  has  a  convincing  story  in  this  area. 

Network  managers  should  be  wary  of 
hidden  scalability  problems,  though.  Some 
products  we  tested  have  obvious  issues  when 
scaling  to  large  networks.  Less  obvious  are 
constraints  such  as  a  dependence  on  unreli¬ 
able  SNMP  traffic  or  a  requirement  to  poll 
every  user  edge  switch  frequently  to  detect 
changes  in  client  status.  These  designs  work 
great  up  to  a  certain  point,  but  can  fall  apart 
rapidly  as  the  network  scales  up  or  when 
older  switch  processors  become  overloaded 
with  unexpected  management  traffic. 

When  we  discussed  these  types  of  issues 
with  the  vendors  we  were  testing,  we  got  the 
same  advice  from  each:  good  pre-sales  com¬ 
munication  is  critical  to  success.  To  ensure  that 
the  NAC  solution  they  choose  will  scale  prop¬ 
erly,  network  managers  should  make  sure  they 
provide  as  much  information  as  possible  dur¬ 
ing  the  sales  cycle  so  that  prospective  vendors 
can  properly  size  their  products. 

BARRIER  NO.  6 

ROI  is  not  balanced  with  cost 

A  good  network  manager  makes  a  business 
case  for  any  new  technology.  Here’s  what  it 
will  cost.  And  here’s  what  it’s  going  to  save  us. 
If  the  savings  exceed  the  cost,  it’s  a  good  deal. 
With  NAC,  network  managers  are  having  a 
hard  time  making  a  good  business  case. 

It’s  not  that  NAC  doesn’t  have  any  benefits, 
but  those  benefits  often  fall  into  the  nebulous 
area  of  security  ROI,  one  of  the  most  difficult 
returns  to  calculate.  How  much  is  it  worth  to 
not  have  a  little  break-in?  How  much  to  avoid 
a  big  break-in?  How  likely  it  is  we  would  have 
had  one?  Can  this  technology 
promise  to  avoid  it?  These 
are  difficult  calculations. 

The  ROI  calculations 
on  NAC  aren’t  helped  by 
the  costs  being  charged  by 
many  NAC  vendors.  Some 
give  it  to  us  at  a  bargain 


price:  Microsoft,  for  example,  includes  a  full- 
featured  NAC  product  with  Windows  Vista, 
XP  and  Windows  7. 

But  even  if  the  software  is  virtually  free, 
deploying  NAC  is  expensive.  It  takes  time, 
and  time  is  money.  You  may  have  to  buy  more 
switches  or  upgrade  switches.  You  certainly 
have  to  understand  how  your  network  oper¬ 
ates  very  well,  and  you’ve  got  to  be  prepared 
to  change  many  of  your  internal  processes  for 
moves,  adds  and  changes . 

What  can  vendors  do? 

NAC  has  certainly  not  lived  up  to  expectations, 
but  it  isn't  dead  either.  Frost  and  Sullivan  pre¬ 
dicted  that  NAC  vendors  will  sell  7,500  appli¬ 
ances  and  rake  in  at  least  $250  million  in  2010, 
with  a  nice,  steady  growth  rate  of  about  25% 
every  year.  Vendors  aren’t  seeing  the  revenue 
or  growth  that  was  predicted.  But  what  can 
vendors  do  to  accelerate  NAC  deployments  in 
the  enterprise?  We  have  three  suggestions: 

1.  To  address  the  political 
issues,  vendors  could  design 
products  that  naturally  break 
apart  into  three  components: 
network,  desktop  and  secu¬ 
rity.  If  the  NAC  product  lets 
each  team  deploy  their  part 
of  the  NAC  puzzle  in  the  way 


that  fits  best  into  their  network,  then  the  likeli¬ 
hood  of  success  is  much  greater. 

2.  When  it  comes  to  ROI,  some  enterprises 
have  seen  cost  savings  with  NAC,  irrespective 
of  the  potential  for  lowering  risk  of  data  loss 
or  intrusion.  That’s  the  direction  NAC  vendors 
have  to  go:  figuring  out  how  their  products 
can  bring  value  even  in  the  absence  of  security 
benefits.  We  saw  this  in  our  testing  with  some 
outstanding  dashboards  and  visibility  tools. 
This  needs  to  be  a  benefit  of  any  NAC  deploy¬ 
ment  to  push  NAC  into  the  mainstream. 

3.  The  complexity  of  NAC  is  the  most  diffi¬ 
cult  barrier  to  overcome.  Vendors  have  pushed 
features  and  complexity  into  their  products  as 
they’ve  learned  from  customer  after  customer 
what  works  and  what  is  needed  to  make  things 
work.  They  aren’t  likely  to  throw  it  all  out  and 
start  over  from  scratch. 

However,  if  venture  capitalists  continue  to 
provide  funding  for  start-ups,  new  products 
can  come  out  of  the  woods  with  a  clean  archi¬ 
tecture  based  on  the  lessons  learned  from 
everyone  else  in  the  industry.  If  not,  NAC  just 
might  continue  to  languish  as  a  great  idea  that 
never  really  takes  off.  ■ 

Snyder  is  a  senior  partner  at  Opus  One 
in  Tucson,  Ariz.  He  can  be  reached  at  Joel. 
Snyder@opusl.com. 


More  NAC  online 

Cisco’s  approach  to 
NAC  leaves  customers 
confused. 

tinyurl.com/2eceg68 
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I  surf  x-rated  sites 
from  behind 
my  cubicle  walls 


I  pa  ss 

company  secrets 
via  the  web 


1  shop  online 
all  afternoon 


Monitor  Employee  PC  &  Internet  Activity 

Spector  360  is  the  world's  first  monitoring  solution  that  makes  it 
easy  to  detect  inappropriate  employee  behavior.  At  the  touch  of  a 
button,  you  will  see  ALL  PC  &  Internet  activity  for  your  entire 
company  and  find  out  which  employees  are  working,  playing, 
doing  their  job  efficiently  or  putting  your  business  at  risk  by 
engaging  in  illicit  or  illegal  behavior. 


Tom 

Pat 

Sarah 

Brian 

James 

Nancy 

Randy 

Victor 

Carol 


Spector  360  Records  ALL  Your  Employees7 

•  Emails  (Sent  and  Received)  •  Files  Saved  to  Removable  Media 

•  Chats  &  Instant  Messages  •  Google  &  Other  Online  Searches 

•  Keystrokes  Typed  •  Network  Traffic 

•  Web  Sites  Visited  and  much  more... 

Plus,  Spector  360  includes  a  powerful  screen  snapshot  recorder  that 
shows  you  in  exact  visual  detail  what  an  employee  does  every  step 
of  the  way. . .  think  of  it  as  a  surveillance  camera  for  your  office  PCs. 


Active  Time  (HOURS) 


CHART  DATA 


Q.  Criteria  \  E3  Settings  P  Events  I  (ft  Reports  » 


More  than  50  built-in  charts  and  reports  allow  you 
to  quickly  and  easily  identify  your  top  achievers, 
productivity  wasters,  and  anyone  engaging  in 
inappropriate  or  potentially  damaging  conduct. 


Expect  to  See  Immediate  Results 

See  results  within  24  hours  of  installing  Spector  360. . . 
we  guarantee  it!  Don't  just  take  our  word  for  it. 

Try  Spector  360  for  yourself  by  calling  1 .877.288.5699 
and  requesting  a  FREE  test  drive. 


2010  Product  Innovation  Award 

Spector  360  Awarded  Best  "Information 
Monitoring  and  Filtering  Solution" 


For  more  information,  visit: 

WatchWith360.com 

or  call  us  anytime 


Spector  360  Dashboard 


NETWORK 

PRODUCTS  GUIDE 


Monitoring,  Surveillance  and  Investigation  Software 
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Cisco  FlipSlide  HD  digital  video  camera  ($280)  © 

The  latest  Flip  video  camera  features  16GB  of  storage  for  your  videos,  and  a  slide-up  display 
that  lets  you  share  videos  of  your  vacation  more  easily  with  others. 


MORE  SIGHTS 
TO  SEE! 

More  gadgets  and  summer- 
related  iPhone  and  iPad  apps 
are  available  online. 
www.tinyurl.com/243qhlv 

Shaw  can  be  reached  at 
kshaw@nww.com.  _ 


@  Samsung  N150  netbook  ($300) 

At  2.7  lbs.,  the  N150  netbook  is  great  for  quick  trips,  letting  you 
do  practically  everything  a  laptop  does,  but  with  less  bulk.  The 
N150  includes  a  10.1-inch  non-glare  screen,  3-in-l  memory  card 
reader,  seven-hour  battery  life,  three  USB  ports  and  a  variety  of 
cool  colors  (Flamingo  Pink  Caribbean  is  our  favorite). 


Cool  TooH 
Road  Rules 


2010  SUMMER  GADGET  GUIDE 

Are  you  hitting  the  road  this  summer?  Going  camp¬ 
ing,  heading  to  the  beach,  flying  to  Disney?  If  so,  make 
your  trip  via  the  plane,  train  or  automobile  a  lot  more 
enjoyable  with  some  of  these  Cool  Tools-approved 
gear  and  apps. 


/ 


©  Altec  Lansing 
inMotion  Compact 
speakers  and  dock  ($80) 

The  latest  small  speaker  system  for  your  iPod,  iPhone 
or  other  MP3  player  includes  a  small  design  (extremely 
portable),  with  the  option  of  powering  via  AA  batteries 
if  you’re  not  near  a  power  outlet.  It  comes  with  a  unique 
case  that  can  protect  the  speakers  from  the  kids  and  also 
doubles  as  a  stand. 


©  NovoThink  Surge  solar 
charger  for  iPhone  3G 
and  3GS  ($70) 


If  your  vacation  plans  include 
outdoor  venues  such  as  hiking 
up  a  mountain  or  laying  on  the 
beach,  there  probably  won’t 
be  a  lot  of  power  outlets 
to  recharge  your  phone. 
Instead,  use  the  power  of 
the  sun  to  recharge.  The 
charger  also  doubles  as 
a  protective  case  for 
your  phone. 


Sleek  Universal  Cell 
Phone  Signal  Booster 

($130) © 

Despite  the  commercials  from 
AT&T  and  Verizon,  you  may  find 
yourself  driving  through  areas  in  the  country 
where  cell  phone  coverage  isn’t  as  good  as 
advertised.  This  in-car  device  boosts  your 
cell  phone  and  data  network  signal  so  you 
can  get  that  important  call  or  e-mail  out. 


©  Coghlan’s  Flint  Striker  ($9) 

the  next  time  you  find  yourself  in  the  woods  trying  to 
start  a  fire  (or  if  you're  a  contestant  on  ‘‘Survivor’’), 
break  out  this  waterproof  magnesium  fire-starting  rod 
and  striker,  which  can  start  a  fire  at  any  altitude  in  any 
weather  condition.  It  does  so  by  generating  a  stream 
of  sparks  that  can  light  any  combustible  material.  Also 
makes  a  worthy  sparkler-alternative  on  the  Fourth  of  July. 


y 
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©  ZipShot  tripod  ($50) 

Taking  good  photos  and  videos 
requires  a  tripod,  but  a  lot  of  them 
are  heavy,  bulky  and  take  some  time 
to  set  up  and  pack  up.  The  ZipShot 
quickly  sets  up  through  bungie- 
like  cords  that  snap  the  legs  into 
place,  and  packing  up  takes  sec¬ 
onds.  If  you  need  a  quick  setup 
and  getaway  with  your  tripod 
(like  if  you’re  being  chased  by 
a  bear),  grab  a  ZipShot. 


TOSHIBA 


©  Toshiba 


Camileo  S20  ($180) 


What  fun  is  going  on  vacation  if  you 
don’t  have  videos  and  photos  of  the 
experience?  The  Camileo  S20  fits  in 
your  pocket,  includes  4x  digital  zoom 
for  video  and  takes  5  megpixel  digital 
still  photos. 


©  TomTom  XXL550  ($200) 

The  latest  GPS  models  from  TomTom 
include  an  EasyMenu,  an  easier  touch¬ 
screen  menu  providing  quick  access 
to  search  tools.  Also  included  are 
Lifetime  Maps  and/or  Lifetime  Traf¬ 
fic  Updates  ($30),  keeping  your 
system  more  accurate.  The 
company  also  just  announced 
the  Darth  Vader  voice  (about  $13), 
which  should  keep  you  and  the  kids 
entertained  while  the  Dark  Lord  of  the  Sith 
directs  you  to  the  rotary. 
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1 5  Amp  Model* 

f  QAi  g  pmrc  ^  *20  Amp  Model  Also  Available! 


SHOWS:  Volts,  Amps,  Watt,  VA, 
Frequency,  Power  Factor  &  KWH 


Network  Management  System 
RemoteiOutletiControl 


15  Amp  Model 

SALE  PRICE 

$395 


Manage  multiple  network 
devices  via  the  Internet 


purchase  directly  at 

A-Neiltronics^  www.a-neutronics.com 

or  call  toll-free:  1  -877-263-8876 


Instantly  Search  Terabytes  of  Text 


♦  Built-in  file  parsers  and  converters 
highlight  hits  in  popular  file  types 


♦  25+  full-text  and  fielded  data 
search  options 


"Bottom  line:  dtSearch  manages 
a  terabyte  of  text  in  a  single 
index  and  returns  results  in  less 
than  a  second"  —  InfoWorld 


dtSearch  "covers  all  data 
sources ...  powerful  Web-based 
engines"  -eWEEK 

"Lightning  fast ...  performance 
was  unmatched  by  any  other 
product"  —  Redmond  Magazine 

For  hundreds  more  reviews,  and  hundreds  of 
developer  case  studies,  see  www.dtSearch.com 


♦  Spider  supports  static  and 
dynamic  web  data;  highlights  hits 
with  links,  formatting  andjimages 
intact 


❖  API  supports  .NET,  C++,  SQL,  Java, 
etc.  .NET  Spider  API 


Content  extraction  only 
licenses  also  available 


Fully-Functional  Evaluations 


1-800-IT-FINDS  •  www.dtSearch.com 


The  Smart  Choice  for  Text  Retrieval*  since  1991 


|j|  WeatherGoose  II 

Climate  Monitor 

„  $399 

Monitor 

•  Temperature  &  Humidity 

•  Air  Flow,  Light  &  Sound 

•  3  Analog  Inputs  To  order  your  copy,  visit 

•  5  Digital  Sensor  Ports  iTWatchDogs.com/Book 

Alerts  with  Escalations  ***** 

•  E-mail 


SNMP  (vl,  v2c,  v3) 
'EAJURES 

^uflt-in  Web  Interface 
Optional  IP  Web  Cams 
Free  Firmware  Updates 


Server  Room 
C1.1MATE&  Power 
Monitoring 


sales@itwatchdogs.com  •  512.257.1462  •  www.itwatchdogs.com 


WHILE  YOU  WERE  OUT 

For:  IQQC _ Time:  HfidJU  Cl  ktcflnf' 

PROBLEM: 

SERVER  WENT  DOWN 

POWER  FAILURE 

X 

WATER  ON  FLOOR 

X 

TEMPERATURE  HIGH 

X 

Sensaphone  Remote  Monitoring  Products  use 
redundant  communication  paths,  built-in  battery 
backup,  and  supervised  sensors  to  make  sure  that 
when  something  happens  in  your  computer  room 
you...  GET  THE  MESSAGE. 


Notification  via: 

•  Voice  Phone  Call 

•  Text  Message 

•  Pager 


E-Mail 
SNMP  Trap 
Fax 


Get  your  FREE  application  guide  now 


SENSAPHONE" 

REMOTE  MONITORING  SOLUTIONS 


877-373-2700 

www.sensaphone.com 
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Opinion  in  three  courses 


APPETIZER:  I  was  having  lunch  with  my 
friend  Tony  today  and  lamented  that  my 
DSL  connection  has  been  acting  flakey.  I’ve 
been  experiencing  occasional  poor  throughput  along  with  lots  of  failed 
DNS  lookups;  I  try  to  load  a  site  in  a  Web  browser  and  it  fails  but  try 
once  or  twice  more  and,  lo  and  behold,  there’s  the  site. 

Tony  responded  that  he’s  also  been  having  serious  slowdowns  with 
his  cable  Internet  service  and  its  not  just  when  the  kids  in  his  neighbor¬ 
hood  get  back  from  school.  He  has  a  theory:  AT&T  and  Comcast  are 
just  trying  to  soften  us  up  and  reduce  our  expectation  of  service. 

Then,  so  his  theory  goes,  when  they  roll  out  something  “better”  and, 
it  goes  without  saying  that  will  be  a  something  that’s  more  expensive, 
we’ll  respond  like  Pavlov’s  dogs  and  pay  without  thinking  twice.  I’d 
hate  to  think  he  might  be  right. 

Main  course:  My  editor  just  sent  me  a  brilliant  item  from  The  Onion 
(warning:  includes  foul  language)  that  skewers  the  social  networking 
service  Foursquare  in  particular  and  social  networking  in  general. 

In  case  you’ve  missed  the  tsunami  of  excitement  over  Foursquare, 
it  mashes  up  geolocation  with  social  networking  and  smartphones  to 
provide  a  service  that,  should  you  be  enormously  gregarious  and  feel 
a  pressing  need  to  know  where  your  friends  and  acquaintances  are  all 
the  time,  will  be  literally  right  up  your  street. 

Foursquare  wraps  this  up  with  “badges”  awarded  for  incredibly 
trivial  achievements  along  with  “mayorships”  for  repeated  attendance 
of  one  or  more  locations  (I  find  this  particularly  silly).  The  service  also 
reveals  your  stats:  Number  of  nights  out,  number  of  places  you’ve 
checked  in  from,  and  other,  even  less  interesting  things. 


In  short,  Foursquare  is  not  my  kind  of  thing.  I  don’t  give  rat’s  #$$ 
where  people  might  be  unless  they  owe  me  money.  That  said,  obviously 
many  people  don’t  share  my  viewpoint  as  Foursquare  has  signed  up  1 
million  users  in  slightly  more  than  one  year. 

Dessert:  Despite  my  sarcasm  over  Foursquare  and  many  other 
social  networking  services  and  games  such  as  Farmville  and  Mafia 
Wars,  I  believe  all  of  this  social  networking  stuff  actually  matters. 

You  can  divide  the  social  networking  world  into  four  major  groups: 
E-mail  and  listservs  (which,  together,  are  the  original  social  media); 
forums,  Linkedln,  Facebook,  blogs  with  comments,  and  content-ori¬ 
ented  services  (such  as  YouTube  and  Slideshare  as  well  as  Foursquare); 
and,  finally,  the  microblogs  such  as  Twitter,  Identi.ca  and  Plurk.  Each 
group  fulfills  a  market  need,  which  is  evident  from  the  success  stories 
in  each  group;  you  don’t  gain  a  million  users  without  there  being  some¬ 
thing  compelling  about  what  you  offer. 

For  those  of  us  in  the  commercial  world,  ignoring  social  network¬ 
ing  would  be  like  15th  century  monks  ignoring  Gutenberg  except  dis¬ 
enfranchising  the  monks  took  a  generation;  those  who  ignore  social 
networking  will  be  disenfranchised  in,  at  most,  a  year  or  two. 

Social  networking  in  the  broader  public  sphere  fulfills  a  communi¬ 
cation  need  that  we,  as  yet,  barely  understand  and  without  overstating 
the  case  and  risking  the  wrath  of  The  Onion,  social  networking,  even 
in  the  guise  of  Foursquare,  will  transform  the  how,  why  and  what  we 
talk  about,  focus  on  and  care  about.  ■ 

Gibbs  risks  the  wrath  of  The  Onion  in  Ventura,  Calif.  Your  tears  to 
backspin@gibbs.com. 
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A  whole  lot  of  YouTube  and  all-wireless 


LAST  TIME  in  this  space  we  attempted  to 
make  sense  of  the  scale  of  a  zettabyte,  which 
is  1  trillion  gigabytes,  or  a  1  followed  by  21 
zeroes.  The  attempt  was  largely  futile. 

Today  we’ll  tackle  some  more  manageable  yet  equally  interesting 
numbers  from  the  world  of  technology,  starting  with  YouTube’s  con¬ 
tention  last  week  that  it  is  now  serving  up  some  2  billion  video  views 
every  24  hours. 

According  to  a  blog  post  by  YouTube  parent  company  Google,  2  bil¬ 
lion  views  “represents  nearly  double  the  prime-time  audience  of  all 
three  major  U.S.  television  networks  combined.” 

Impressive,  yet  that’s  not  what  I  found  most  remarkable  about  the 
number.  No,  what  made  the  2  billion  a  day  tally  so  notable  is  the  fact 
that  it  was  announced  publicly  in  conjunction  with  YouTube  com¬ 
memorating  its  fifth  year  of  operations. 

From  zero  to  2  billion  views  in  only  five  years:  Now  that’s  Internet 
speed. 

Yet  YouTube  co-founder  Chad  Hurley  sees  the  achievement  as  a 
glass  almost  empty,  telling  BBC  News:  “I  feel  we  have  much  further  to 
go.  Two  billion  video  streams  is  a  large  number  but  on  average  people 
are  only  spending  15  minutes  a  day  on  the  site  compared  to  five  hours 
a  day  watching  TV.” 

Of  course,  television  had  a  head  start,  what  it  having  been  around 
since  the  1930s  and  all. 

They  grow  up  so  fast,  though. ...  It’s  a  good  thing  we  all  have  video 
cameras. 


The  disappearing  landline 

It’s  by  no  means  news  that  more  and  more  people  are  choosing  to  ditch 
their  landline  telephones  in  favor  of  going  all-wireless,  all  the  time. 
However,  it  is  worth  noting  the  rapidity  with  which  this  transforma¬ 
tion  is  taking  place,  witness  a  few  figures  from  a  semiannual  survey 
conducted  by  the  Centers  for  Disease  Control  and  Prevention. 

One  in  four  U.S.  households  has  made  the  leap  to  wireless-only, 
according  to  the  report.  While  that  number  has  been  rising  about 
4.3%  annually,  it’s  worth  noting  that  when  the  data  was  first  collected 
in  2003  only  about  3%  of  households  were  without  landlines. 

About  26%  of  children  now  live  in  wireless-only  homes  and  their 
numbers  are  rising  even  faster  than  the  adult  population. 

As  might  be  expected,  younger  adults  are  more  likely  to  go  all-wire¬ 
less  —  about  half  of  those  aged  25  to  29  have  done  so,  while  only  5%  of 
those  65  and  older  have  joined  them. 

As  for  the  number  of  households  without  any  phone  service  at  all, 
that  continues  to  hold  steady  at  2%. 

One  last  thing:  That  “one  in  four  now  wireless-only”  statistic  is  effec¬ 
tively  closer  to  40%  if  you  consider  that  another  15%  of  households 
have  both  landline  and  wireless  telephones  but  conduct  all  or  almost 
all  of  their  calls  on  the  latter.  In  other  words,  their  landline  phones  are 
largely  decorative. 

A  hint  to  that  15%:  If  you  find  yourself  dusting  the  handset  of  your 
landline  telephone,  it  is  probably  time  to  cut  the  cord.  ■ 

Have  a  time-flies  tale  to  share?  The  address  is  buzz@nww.com. 
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Top-tier  national  network. 
Top-notch  local  support. 


Introducing  CenturyLink™  Business 

The  result  of  a  merger  between  CenturyTel  and  EMBARQ,  CenturyLink 
delivers  best-in-class  business  data  network  solutions  to  customers 
throughout  the  U.S.  You  can  count  on  us  to  combine  a  state-of-the-art 
national  network  with  local  support  from  people  who  know  you  by  name. 


Get  Stronger  Connected™  to  the  technology,  resources  and  people 
that  will  help  your  business  stay  on  top. 


Learn  more  at  centurylink.com/stronger 
or  call  1-866-345-0814. 
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The  IBM  System  x3550  M3  Express. 

When  the  downturn  ends,  the  upside  begins. 

With  new  opportunities  ahead,  now  is  the  time  to  invest  in  a  faster,  more  powerful 
server:  the  IBM®  System  x3550  M3  Express®  server,  powered  by  the  Intel®  Xeon® 
processor  5600  series.  By  replacing  your  aging  servers,  the  x3550  M3  can  help  you 
reduce  operating  costs,  increase  efficiency  and  respond  to  customers  more  quickly. 


IBM  System  x3550  M3  Express 

$3,299 

or  $84/month  for  36  months1 
PN: 7944E2U 

1 U  dual-socket  server  featuring  up  to  2  Intel®  Xeon®  processor  5600  series 
18  DIMM  sockets  1333MHz  DDR-3  (18  RDIMMs,  144GB  max) 


IBM  System  x3650  M3  Express 

$3,065  m 

or  $78/month  for  36  months1 


PN: 7945E2U 


2U  dual-socket  server  featuring  up  to  2  Intel®  Xeon®  processor  5600  series 
18  DIMM  sockets  1333MHz  DDR-3  (18  RDIMMs,  144GB  max) 


IBM  System  Storage  DS3200  Express 

$6,495 

or  $165/month  for  36  months1 


PN: 172622X 

External  Disk  Storage  with  3  Gbps  Serial  Attached  SCSI  (SAS)  interface  technology 


Scalable  up  to  7.2TB  of  storage  capacity  with  600GB  hot-swappable  SAS  disks 


See  for  yourself. 

See  how  much  you  could  be  saving-in  just  minutes- 
with  the  IBM  Systems  Consolidation  Evaluation  Tool. 


ibm.com/systems/performance 
1  866-872-3902 
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